Wednesday, May 12, 2010

How to get info from client certificates issued by a CA (C#)

Hi all,

The following C# sample shows how to use Certadm.dll and CryptoAPI to get the template name and the enhanced key usages of the client certificates issued by a CA:

<SAMPLE file="Form1.cs">
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Collections;
using System.Runtime.InteropServices;
using System.DirectoryServices;

namespace CertAdminTest
   public partial class Form1 : Form
       /// <summary>
       /// Form constructor.
       /// </summary>
       // NOTE(review): the constructor body is not present in this listing, so what it
       // initializes cannot be confirmed from here.
       public Form1()

       /// <summary>
       /// Click handler: binds to Active Directory on the configured server, builds the
       /// entry for the certificate templates container and passes it to
       /// <c>ViewCertificateServicesDatabase</c>.
       /// </summary>
       /// <param name="sender">Event source; not read in the visible code.</param>
       /// <param name="e">Event data; not read in the visible code.</param>
       // NOTE(review): this listing has lost its braces, the keyword that opens the
       // block before `catch`, and the bodies of `catch` and of the two null checks.
       // The comments below describe only the statements that are visible.
       private void button1_Click(object sender, EventArgs e)
           // Variables
           // Hard-coded host name. It is concatenated into both LDAP paths below and is
           // also passed as the CA name; if it ever comes from user input or configuration,
           // validate it before it reaches the path strings.
           string strServerName = "MyServer";
           DirectoryEntry rootEntry = null;
           DirectoryEntry templatesEntry = null;

               // Get the AD entry that is used to translate a certificate template OID to its corresponding name.
               // No credentials are passed to DirectoryEntry, so the bind runs in the
               // security context of the calling user.
               rootEntry = new DirectoryEntry("LDAP://" + strServerName + "/rootDSE");
               // NOTE(review): the path ends in "cn=configuration," + defaultNamingContext.
               // That equals the configuration partition DN only when the default naming
               // context is the forest root domain; rootDSE also exposes
               // configurationNamingContext, which holds that DN directly. Confirm for
               // multi-domain forests.
               templatesEntry = new DirectoryEntry("LDAP://" + strServerName + "/cn=certificate templates,cn=public key services,cn=services,cn=configuration," + (string)rootEntry.Properties["defaultNamingContext"][0]);

               // Get Certificate Services Database info
               // The same string is passed as server and as CA name, so the callee connects
               // to "MyServer\MyServer". NOTE(review): a CA's name is often not the host
               // name; confirm this matches the target CA.
               ViewCertificateServicesDatabase(strServerName, strServerName, templatesEntry);
           // NOTE(review): catches every exception type and the handler body is not
           // visible; make sure failures are reported or logged rather than silently
           // dropped, since a failed bind or CA connection would otherwise look like an
           // empty result.
           catch (Exception ex)
               // Errors?
               // Clean up
               // DirectoryEntry holds directory resources and is IDisposable; the statements
               // guarded by these checks are missing from the listing (presumably they
               // close or dispose the entries; verify against the original post).
               if (rootEntry != null)
               if (templatesEntry != null)

       /// <summary>
       /// Opens a view on a Certificate Services database through the CERTADMINLib COM
       /// interop types and starts iterating over its columns.
       /// </summary>
       /// <param name="strServer">Host part of the CA configuration string.</param>
       /// <param name="strCAName">CA name part of the CA configuration string.</param>
       /// <param name="templatesEntry">AD entry for the certificate templates container; not yet used in the visible part of the method.</param>
       // NOTE(review): the listing is cut off after the `for` header below, so the row,
       // column and extension enumeration (and any release of the COM objects) cannot be
       // reviewed from this page.
       private void ViewCertificateServicesDatabase(string strServer, string strCAName, DirectoryEntry templatesEntry)
           // Variables
           // Only certView and iColumnCount are used in the visible code; the remaining
           // locals are presumably consumed by the part of the method that is missing.
           CERTADMINLib.CCertView certView = null;
           CERTADMINLib.IEnumCERTVIEWROW certViewRow = null;
           CERTADMINLib.IEnumCERTVIEWCOLUMN certViewColumn = null;
           CERTADMINLib.IEnumCERTVIEWEXTENSION certViewExt = null;
           int iColumnCount = 0;
           string strBase64Value = "";
           string strValue = "";
           string strOID = "";
           int iStartIndex = 0;
           string strDisplayName = "";
           object objValue = null;
           string strOutput = "";

           // Connecting to the Certificate Authority
           certView = new CERTADMINLib.CCertViewClass();
           // The argument is the CA configuration string "server\CAName", built by
           // concatenation from the two parameters. NOTE(review): the caller needs
           // permission to read the CA database; confirm which CA role the account
           // running this form is expected to hold.
           certView.OpenConnection(strServer + "\\" + strCAName);

           // Get a column count and place columns into the view
           // NOTE(review): 0 appears to select the database schema column set rather than
           // the result columns of the view; confirm against the ICertView documentation.
           iColumnCount = certView.GetColumnCount(0);

           // Place each column in the view.
           // The loop body is missing from the listing.
           for (int x = 0; x < iColumnCount; x++)

Read more: Decrypt my World
