Using CERTENROLL to Create a Certificate Signing Reqest to a CA

Question

Greetings,

I wonder if anybody could shed some light on how to use the CERTENROLL classes (such as CX509Enrollment and CX509CertificateRequestPkcs10) to associate an ALREADY generated CSR to a CA Template. For example, I want to create a website where a user copies a CSR that they already generated into a web app, where on the "submit" button, the web application takes that CSR and associates it to a template (certificate request), and then sends that certificate request for manual approval to our CA.

From my limited testing/researching, I know that both the CX509Enrollment and CX509CertificateRequestPkcs10 classes have various "InitializeFrom" methods (some that use templates, some that don't), but I don't see anything that takes an already generated CSR. (It seems most generate one, which is NOT what I want.)

Any suggestions/feedback would be SUPER APPRECIATED. Thank you.

Answer 1

Hello @Julia Mirabella ,

Thank you for posting here.

Based on the description above ”I wonder if anybody could shed some light on how to use the CERTENROLL classes (such as CX509Enrollment and CX509CertificateRequestPkcs10) to associate an ALREADY generated CSR to a CA Template“， do you mean you want to request certificate using web page (such as https://PC.domain.com/certsrv/ or http://PC.domain.com/certsrv/)?

If so, we can try the steps below:

1.Install Certification Authority Web Enrollment role on Enterprise CA server.

2.On the CA server, open IE, and type http://PC.domain.com/certsrv/ (PC is the machine name of your Enterprise CA server).

3.Click request a certificate button and advanced certificate request button.

4.Click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file button.

5.Copy the content in the CSR file and paste below, and select the certificate template.

6.Click Submit button and check if it helps.

Best Regards,
Daisy Zhou