i've crafted wcf service accesses remote ca using certenroll , certclient libs. generatecertificate request takes password that's used in enrollment request. return metadata generated cert , base64 string of raw bytes in response xml.
if take raw cert string , save local .pfx file can install easy breezy on win10 or 2012 machine. however, when try on win7 or 2008 machine password doesn't match.
i'm supplying x509certificaterequestcmc request that's intitialized inner x509certificaterequestpkcs10 request initialized template.
upon first encountering error tried apply os version cryptattribute either 1 of request layers without success.
cx509attributeosversionclass os = new cx509attributeosversionclass(); os.initializeencode("6.1.7601"); cx509attributesclass attribs = new cx509attributesclass(); attribs.add((cx509attribute)os); ccryptattributeclass atty = new ccryptattributeclass(); atty.initializefromvalues(attribs); request.cryptattributes.add(atty); i'm responsible webservice tier, don't have access pki store directly. dev server app pool has been set run allowed ad account on pki server , don't have account's password.
is me or store?
i invoked ticket ms on this. said there's known issue base64 pfx files not install on win7 & 2008 systems. answer decode base64 , install via binary. careful not convert .cer, you'll lose private key.
Comments
Post a Comment