ISmsMessage4::VerifyServerSignature Method
Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
The ISmsMessage4::VerifyServerSignature method, in Configuration Manager, verifies the signature of the payload of a reply message.
[IDL]
HRESULT VerifyServerSignature(
MPAPI_CERT_STORE_LOCATION StoreLocation,
LPCWSTR szStoreName
);
Parameters
StoreLocation
Data type: MPAPI_CERT_STORE_LOCATION
Qualifiers: [in]
The location of the store. Possible values are defined for MPAPI_CERT_STORE_LOCATION Enumeration.
szStoreName
Data type: LPCWSTR
Qualifiers: [in]
Null-terminated string specifying the store name.
Return Values
An HRESULT code. Possible values include, but are not limited to, the following:
- S_OK
The method succeeded.
Remarks
This method is applicable to both mixed and native security modes.
The certificate store must contain the public portion of the certificates for all management points that can possibly receive the message.
The method used to get the store name depends on whether you are using mixed mode or native mode security.
Mixed Mode
If you are running in mixed mode, use the custom identifier (OID) / friendly name obtained from the following location in the Configuration Manager store.
CERT_FRIENDLY_NAME_PROP(11)
SMS Signing Certificate
The required enhanced key usage is 1.3.6.1.4.1.311.101.
For more information, see https://go.microsoft.com/fwlink/?LinkId=110488.
Native Mode
If you are running in native mode, you can use the certificate on the Internet Information Services (IIS) Web site that the Configuration Manager 2007 management point uses.
To get the certificate, do the following:
Get the certificate store
Look up the certificate store by getting the management point Web site from the registry location HKEY_LOCAL_MACHINE\Software\Microsoft\SMS\IIS\MPCWSPath. Then, get the certificate store using the IMSAdminBase (https://go.microsoft.com/fwlink/?LinkId=110490) interface. The identifier for the store is 5511.
Get the certificate hash
To get the hash, use the IMSAdminBase interface. The identifier for the hash is 5506.
Get the certificate
Use the CertOpenStore (https://go.microsoft.com/fwlink/?LinkId=110491) function to open the store, and then use the CertEnumCertificatesInStore (https://go.microsoft.com/fwlink/?LinkId=110492) function to look up the certificate context. Finally, use CertFindCertificateInStore (https://go.microsoft.com/fwlink/?LinkId=110494) to get the certificate.
Note
If you are using Network Load Balancing (NLB), provide the certificate for each computer in the NLB cluster.
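The following PowerShell function is an added example, not code from the original page or from Configuration Manager. It checks, before VerifyServerSignature is called, that a store holds a certificate for every management point (including each NLB node), and in mixed mode that each one carries the friendly name and enhanced key usage listed above. The function name, its parameters, and the LocalMachine default are assumptions; the store name and certificate hashes are supplied by the caller from the steps above.

```powershell
# Added example: pre-flight check of the store later passed as szStoreName.
# Test-MpCertificateStore and its parameters are hypothetical names.
function Test-MpCertificateStore {
    param(
        [Parameter(Mandatory = $true)] [string]   $StoreName,   # store name from the steps above
        [Parameter(Mandatory = $true)] [string[]] $CertHashes,  # one SHA-1 hash per management point / NLB node
        [System.Security.Cryptography.X509Certificates.StoreLocation]
        $StoreLocation = 'LocalMachine',                        # assumption
        [switch] $MixedMode
    )
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store `
        -ArgumentList $StoreName, $StoreLocation
    # OpenExistingOnly: fail on a mistyped store name instead of opening an empty store.
    $flags = [System.Security.Cryptography.X509Certificates.OpenFlags]'ReadOnly, OpenExistingOnly'
    $store.Open($flags)
    try {
        foreach ($hash in $CertHashes) {
            # Accept hashes written with spaces or colons.
            $thumb = ($hash -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
            $found = $store.Certificates.Find('FindByThumbprint', $thumb, $false)
            $cert  = if ($found.Count -gt 0) { $found[0] } else { $null }
            $ekus  = @()
            if ($cert) {
                $ekus = @($cert.Extensions |
                    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
                    ForEach-Object { $_.EnhancedKeyUsages } |
                    ForEach-Object { $_.Value })
            }
            [pscustomobject]@{
                Hash      = $thumb
                Present   = [bool]$cert
                NotAfter  = if ($cert) { $cert.NotAfter } else { $null }
                # Mixed-mode checks: friendly name and required enhanced key usage from this page.
                NameOk    = if ($MixedMode -and $cert) { $cert.FriendlyName -eq 'SMS Signing Certificate' } else { $null }
                SigningEku = if ($MixedMode -and $cert) { $ekus -contains '1.3.6.1.4.1.311.101' } else { $null }
            }
        }
    }
    finally {
        $store.Close()
    }
}
```

Any row with Present set to False identifies a management point whose replies cannot be verified against that store.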
Requirements
See Also
Concepts
ISmsMessage4 Interface
MPAPI_CERT_STORE_LOCATION Enumeration