Certificiate generation with IE7 on Vista

Requirements:

This page shows how to add Vista compatibility to existing CA software. The following code is made available under Apache License or BSD license by CAcert Inc. and the original author Philipp G├╝hring. Other licenses are likely available on demand.

Assumptions: The XP version usually had this object defined, which has the id "cec" in our case: <object classid="clsid:..xenroll.dll id="cec">

We have the listbox CspProvider, where the user can choose which CryptoProvider to use: <select name="CspProvider">

And we have a hidden field, which tells us which kind of browser/operating system request we got: <input type="hidden" name="keytype" value="MS"> MS = Old Win2k/XP style, VI = Vista, NS = Netscape Keygen

The first step is to get the provider list from the operating system.

In the function GetProviderList, which queries for all the Cryptoproviders available on the system and fills the listbox CspProvider with it: Function GetProviderList()

we add the following code:

  On Error Resume Next

  // Vista:
  Set csps = CreateObject("X509Enrollment.CCspInformations")
  If IsObject(csps) Then
    csps.AddAvailableCsps()
    Document.CertReqForm.keytype.value="VI"
    For j = 0 to csps.Count-1
      Set oOption = document.createElement("OPTION")
      oOption.text = csps.ItemByIndex(j).Name
      oOption.value = j
      Document.CertReqForm.CspProvider.add(oOption)
    Next

  Else

  // 2000,XP:

And then the function continues with the old Win2K and XP style cec.enumProviders handling. At the end of the function, we need the

  End If
End Function

to close the If.

The next step is to generate the CSR:

In the function that generates the certificate (usually called when the user clicks on the Submit button), we add the following code:

 // Vista
  if Document.CertReqForm.keytype.value="VI" Then

    Dim g_objClassFactory
    Dim obj
    Dim objPrivateKey
    Dim g_objRequest
    Dim g_objRequestCMC

    Set g_objClassFactory=CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory")
    Set obj=g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment")
    Set objPrivateKey=g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey")
    Set objRequest=g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10")
    objPrivateKey.ProviderName = Document.CertReqForm.CspProvider(Document.CertReqForm.CspProvider.selectedIndex).text
    objPrivateKey.ProviderType = "24"
    objPrivateKey.KeySpec = "1"
    objRequest.InitializeFromPrivateKey 1, objPrivateKey, ""

    Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName")
    objDN.Encode("CN=Dummy")
    objRequest.Subject = objDN

    //  obj.Initialize(1)
    obj.InitializeFromRequest(objRequest)
    obj.CertificateDescription="Description"
    obj.CertificateFriendlyName="FriendlyName"
    CSR=obj.CreateRequest(1)
    If len(CSR)<>0 Then Exit Function
    Msgbox "Error while generating the certificate-request. Please make sure that you have added this website to the list of trusted sites in the Internet-Options menu!"

  else
  // XP

then we have the old XP style code.

At the end of the function we need

  End if
End Function

again.

This should generate a normal CSR, similar to the one generated by Win2K and WinXP. Finally the necessary code to install the created certificate in the next step:

    On Error Resume Next

      Dim obj
      Set obj=CreateObject("X509Enrollment.CX509Enrollment")
      If IsObject(obj) Then
        obj.Initialize(1)
        obj.InstallResponse 0,certchain,0,""
        if err.number<>0 then
          msgbox err.Description
        else
          msgbox "Certificate installed successfully. Please don't forget to backup now"
        end if
      else
        .
        .
        .
      EndIf

as usual, the Win2K/XP style code continues, and we need an EndIf in the end.


IE7VistaSource (last edited 2009-10-18 11:47:07 by UlrichSchroeter)