Added the Cert.ExportToPfxData method to export to an in-memory image of a PFX file.
(In VB6) One thing we would like to do is to read out the SHA1
fingerprint of the root CA. For example, the program should read the user
certificate. The user certificate has a certification path. Is it possible
to read out the fingerprint of the top-level root certificate?
Here is a sample program. The user certificate is loaded from the current-user registry-based certificate store by common name. Once you have the cert object, you can build the chain of authority and step through it. The root cert is the last in the list.
    Dim cert As New ChilkatCert
    success = cert.LoadByCommonName("Chilkat Software, Inc.")

    Dim certChain As New ChilkatCertChain
    ' Leave the certCollection object empty.
    Dim certCollection As New ChilkatCertColl
    success = certChain.BuildChain(cert, certCollection)

    NumCerts = certChain.NumCerts
    Dim certN As ChilkatCert
    For i = 0 To NumCerts - 1
        Set certN = certChain.GetCert(i)
        MsgBox certN.SubjectDN
    Next

    ' The certificate at index NumCerts - 1 is the root.
    ' Get the fingerprint:
    MsgBox "Root Thumbprint: " & certChain.GetCert(NumCerts - 1).Sha1Thumbprint
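The same idea without the Chilkat objects, as an added Python example that is not from the original post or from Chilkat: a thumbprint is the hash of the certificate's complete DER encoding, and the root is the certificate whose issuer equals its subject. The certificates are constructed skeletons (placeholder key and signature), every function name is hypothetical, and the chain order comes from issuer/subject name matching only, so it identifies the root but does not verify signatures.

```python
import hashlib  # added example; all function names here are illustrative

def tlv(tag, body):  # DER encoder, used only to build the constructed sample below
    n, raw = len(body), len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + body

def children(buf):  # split DER contents into (tag, whole element, contents) tuples
    out, pos = [], 0
    while pos < len(buf):
        start, n, pos = pos, buf[pos + 1], pos + 2
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
        out.append((buf[start], buf[start:pos + n], buf[pos:pos + n]))
        pos += n
    return out

def issuer_subject(cert):  # raw DER issuer and subject Names of one certificate
    fields = children(children(children(cert)[0][2])[0][2])  # TBSCertificate fields
    fields = fields[1:] if fields[0][0] == 0xA0 else fields  # skip optional [0] version
    return fields[2][1], fields[4][1]  # order: serial, sigAlg, issuer, validity, subject

def thumbprint(cert, algo="sha1"):  # hash over the complete DER certificate
    return hashlib.new(algo, cert).hexdigest().upper()

def order_chain(certs):  # leaf first, by name matching only (no signature checks)
    by_subject = {issuer_subject(c)[1]: c for c in certs}
    issuers = {i for i, s in map(issuer_subject, certs) if i != s}
    chain = [next(c for c in certs if issuer_subject(c)[1] not in issuers)]
    while len(chain) < len(certs):
        iss, sub = issuer_subject(chain[-1])
        if iss == sub or iss not in by_subject:
            break
        chain.append(by_subject[iss])
    return chain

def root_thumbprint(certs):  # None when the chain does not end in a self-issued cert
    root = order_chain(certs)[-1]
    iss, sub = issuer_subject(root)
    return thumbprint(root) if iss == sub else None

# Constructed sample: skeleton certificates with placeholder keys and signatures.
def name(cn):
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))))

def fake_cert(issuer_cn, subject_cn):
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg + name(issuer_cn)
              + tlv(0x30, tlv(0x17, b"240101000000Z") * 2) + name(subject_cn) + tlv(0x30, b""))
    return tlv(0x30, tbs + alg + tlv(0x03, bytes(33)))

ROOT, SUB, LEAF = (fake_cert(i, s) for i, s in [("Root", "Root"), ("Root", "Sub"), ("Sub", "User")])
```

Comparing the value from `root_thumbprint` with a thumbprint obtained out of band tells you which trust anchor a certificate chains to; `thumbprint(cert, "sha256")` gives the SHA-256 form of the same identifier.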
This article provides a step-by-step procedure for installing a certificate with its private key (from a .PFX) so that it will be usable from ASP, ASP.NET, a Windows Service, or the SYSTEM account:
I found this PDF somewhere on Microsoft’s site, but now I cannot find it anymore. Therefore, I uploaded it here: http://cknotes.com/microsoft-certificate-support.pdf
This contains a collection of how-to procedures for certificates:
- Install certificate after deleting the pending certificate request (IIS 6.0)
- Installing Server Certificates (IIS 6.0)
- How to install a certificate for use with IP Security in Windows Server 2003
- Key Archival and Management in Windows Server 2003
- Renew a certificate with the same key
- Renew a certificate with a new key
- How To Renew or Create New Certificate Signing Request While Another Certificate Is Currently Installed
- Request a certificate using a PKCS #10 or PKCS #7 file
- Renew a root certification authority
- Importing and exporting certificates
- Trusted root certification authority policy
- Object IDs Associated with Microsoft Cryptography
- Certutil tasks for backing up and restoring certificates
If your application is using a pre-installed certificate for creating a digital signature, or for decrypting, then it needs access to the private key. (By pre-installed, we mean a certificate that has been imported from a PFX (or via the browser) into a Windows registry-based certificate store.)
If you chose to enable strong private key protection, then the Windows operating system will display a warning dialog when any application attempts to access the private key. To disable this warning, you’ll need to re-install the certificate without strong private key protection.
This is what the warning dialog looks like:
When importing the PFX via the Certificate Management Console (cert.msc), do not check the checkbox to enable strong private key protection: