Share via

Using CERTENROLL to Create a Certificate Signing Reqest to a CA

Julia Mirabella 1 Reputation point
2020-08-25T21:49:59.26+00:00

Greetings,

I wonder if anybody could shed some light on how to use the CERTENROLL classes (such as CX509Enrollment and CX509CertificateRequestPkcs10) to associate an ALREADY generated CSR to a CA Template. For example, I want to create a website where a user copies a CSR that they already generated into a web app, where on the "submit" button, the web application takes that CSR and associates it to a template (certificate request), and then sends that certificate request for manual approval to our CA.

From my limited testing/researching, I know that both the CX509Enrollment and CX509CertificateRequestPkcs10 classes have various "InitializeFrom" methods (some that use templates, some that don't), but I don't see anything that takes an already generated CSR. (It seems most generate one, which is NOT what I want.)

Any suggestions/feedback would be SUPER APPRECIATED. Thank you.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,136 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Daisy Zhou 24,126 Reputation points Microsoft Vendor
    2020-08-26T03:33:33.22+00:00

    Hello @Julia Mirabella ,

    Thank you for posting here.

    Based on the description above ”I wonder if anybody could shed some light on how to use the CERTENROLL classes (such as CX509Enrollment and CX509CertificateRequestPkcs10) to associate an ALREADY generated CSR to a CA Template“, do you mean you want to request certificate using web page (such as https://PC.domain.com/certsrv/ or http://PC.domain.com/certsrv/)?

    If so, we can try the steps below:

    1.Install Certification Authority Web Enrollment role on Enterprise CA server.
    20356-enro0.png

    2.On the CA server, open IE, and type http://PC.domain.com/certsrv/ (PC is the machine name of your Enterprise CA server).
    20344-enro1.png

    3.Click request a certificate button and advanced certificate request button.
    20357-enro2.png

    4.Click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file button.
    20260-enro3.png

    5.Copy the content in the CSR file and paste below, and select the certificate template.
    20382-enro4.png

    6.Click Submit button and check if it helps.

    Best Regards,
    Daisy Zhou

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.