View Full Version : Certificate Requests per Application


Rob C
03-20-2006, 01:48 PM
I'm not sure if this is the proper forum, but...

I've written an application that creates a certificate request using the smart card enrollment dll SCrdEnr.dll. Although Administrators have to take an extra step to have the dll installed on workstations in networks that do not have an IIS installed, the program works fine, as long as the certificate is automatically issued. But, when the certificate is set to "pending", my program runs into problems.

Unfortunately, ISCrdEnr doesn't provide any information on the request, as compared to ICEnroll2: no request ID, no request disposition. Since the enroll method of the interface returns S_OK, which leads me to believe the certificate was passed to my CSP, instead of an appropriate error code, I catch a COM exception when I call the getEnrolledCertificateName method.

As you can tell, the end result is very unpleasant: there's a pending certificate in the certificate server's pending certificate queue that I have no way of retrieving, even after it's been issued; there is a key pair on the smartcard that has no certificate. Worse yet, I can only provide the user with a guess as to why the certificate can't be displayed and wasn't issued. The latter has a very unprofessional aftertaste.

The least I would like to do to remedy the situation is to query the certificate server's configuration before execution. But, it would be much better if I could get the ID of the request so that I could use ICertRequest to query the certificate's disposition. That would enable me to retrieve the certificate after it's been issued.

Can anyone provide me with any information that could help me perform either or both of these tasks?

Thank you very much, in advance!

Rob C