External Property Functions

Properties are used to associate a value with a certificate. Properties are never sent to or processed by a certification authority (CA), and they are not stored inside a certificate. Typically, they are associated with a certificate after the certificate is received from the CA and before it is saved in a store. The properties are saved in the store along with the certificate. CertEnroll.dll implements the ICertProperty interface and the following interfaces derived from ICertProperty:

Each of the following sections identifies a function exported by Xenroll.dll to manage external certificate properties. Each section also discusses how to use CertEnroll.dll to replace the function or indicates that no mapping between the two libraries exists:

addBlobPropertyToCertificateWStr

The addBlobPropertyToCertificateWStr function in Xenroll.dll adds a property to the certificate.

In CertEnroll.dll, all of the objects derived from ICertProperty implement a SetValueOnCertificate method that you can use to associate a property with a certificate. Also, the IX509Enrollment object directly implements the CertificateFriendlyName and CertificateDescription properties.

GetPrivateKeyArchiveCertificate

The GetPrivateKeyArchiveCertificate function in Xenroll.dll retrieves the exchange certificate used to archive a private key.

You can use the IX509CertificateRequestCmc object in CertEnroll.dll to create a request for a CA to archive your private key. You must retrieve an exchange certificate from the CA and use the public key contained in that certificate to encrypt the private key that you are submitting for archival. To specify or retrieve a CA exchange certificate, call the KeyArchivalCertificate property on that object.

resetBlobProperties

The resetBlobProperties function in Xenroll.dll removes the property collection from the certificate.

In CertEnroll.dll, all of the property objects derived from ICertProperty implement the RemoveFromCertificate property that you can use to disassociate a property from a certificate.

SetPrivateKeyArchiveCertificate

The SetPrivateKeyArchiveCertificate function in Xenroll.dll specifies an exchange certificate used to archive a private key.

You can use the IX509CertificateRequestCmc object in CertEnroll.dll to create a request for a CA to archive your private key. You must retrieve an exchange certificate from the CA and use the public key contained in that certificate to encrypt the private key that you are submitting for archival. To specify or retrieve a CA exchange certificate, call the KeyArchivalCertificate property on that object.

SetSignerCertificate

The SetSignerCertificate function in Xenroll.dll specifies a signer certificate.

The ISignerCertificate object in CertEnroll.dll can be used to sign a PKCS #7, CMC, or self-signed certificate request. You can initialize the object by using an existing signing certificate and associate it with a request by calling one of the following properties:

Also, if you initialize a CMC request from an inner request and a template or you initialize a PKCS #7 request from an existing request, the signing certificate may be set.

ThumbPrintWStr

The ThumbPrintWStr function in Xenroll.dll specifies or retrieves the value of the certificate hash.

In CertEnroll.dll, you can use the ICertPropertySHA1Hash object to retrieve a hash value (thumbprint) created by calling the InitializeFromCertificate method.
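The following PowerShell script is an added example, not code from the original page or from CertEnroll.dll itself. It walks the three replacements described above for addBlobPropertyToCertificateWStr, resetBlobProperties and ThumbPrintWStr: SetValueOnCertificate, RemoveFromCertificate and ICertPropertySHA1Hash.InitializeFromCertificate. It assumes the ProgIDs X509Enrollment.CCertPropertyFriendlyName and X509Enrollment.CCertPropertySHA1Hash, the EncodingType values XCN_CRYPT_STRING_BASE64 = 1 and XCN_CRYPT_STRING_HEXRAW = 12, and that ICertProperty.RawData returns the 20 hash bytes for the SHA-1 property; check these against your SDK's CertEnroll type library.

```powershell
# Added example (not from the original page). Assumptions: the ProgIDs
# X509Enrollment.CCertPropertyFriendlyName / X509Enrollment.CCertPropertySHA1Hash,
# EncodingType values XCN_CRYPT_STRING_BASE64 = 1 and XCN_CRYPT_STRING_HEXRAW = 12,
# and that RawData on the SHA-1 property yields the raw hash bytes.
$XCN_CRYPT_STRING_BASE64 = 1
$XCN_CRYPT_STRING_HEXRAW = 12
$MachineContext = $false   # $false = CurrentUser store, $true = LocalMachine store

# The ICertProperty methods locate the certificate in the store by its encoded
# bytes, so start from a certificate that already exists in CurrentUser\My.
$cert = Get-ChildItem Cert:\CurrentUser\My | Select-Object -First 1
if (-not $cert) { throw "No certificate in CurrentUser\My to work with." }
$encoded = [Convert]::ToBase64String($cert.RawData)
$storePath = "Cert:\CurrentUser\My\$($cert.Thumbprint)"

# 1. Replacement for addBlobPropertyToCertificateWStr: attach a friendly-name
#    property. The certificate bytes are untouched; only the store entry changes.
$friendly = New-Object -ComObject X509Enrollment.CCertPropertyFriendlyName
$friendly.Initialize("Migrated from Xenroll example")
$friendly.SetValueOnCertificate($encoded, $MachineContext, $XCN_CRYPT_STRING_BASE64)
"FriendlyName after SetValueOnCertificate: $((Get-Item $storePath).FriendlyName)"

# 2. Replacement for ThumbPrintWStr: the SHA-1 property is derived from the
#    certificate bytes, so it must agree with the thumbprint .NET computes.
#    A mismatch means the property object was initialized from other bytes.
$hash = New-Object -ComObject X509Enrollment.CCertPropertySHA1Hash
$hash.InitializeFromCertificate($encoded, $MachineContext, $XCN_CRYPT_STRING_BASE64)
$comThumb = ($hash.RawData($XCN_CRYPT_STRING_HEXRAW)).Trim().ToUpperInvariant()
if ($comThumb -ne $cert.Thumbprint) {
    throw "Thumbprint mismatch: COM=$comThumb .NET=$($cert.Thumbprint)"
}
"SHA-1 property matches store thumbprint: $comThumb"

# 3. Replacement for resetBlobProperties (for this one property): detach it.
$friendly.RemoveFromCertificate($encoded, $MachineContext, $XCN_CRYPT_STRING_BASE64)
"FriendlyName after RemoveFromCertificate: '$((Get-Item $storePath).FriendlyName)'"
```

Run it in an elevated session only if you switch $MachineContext to $true; in the user context it modifies nothing but the friendly-name property on the selected store entry.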

Mapping Xenroll.dll to CertEnroll.dll