
javascript – Template parameter in InitializeFromPrivateKey() on a CX509CertificateRequestPkcs10 object causes an exception when trying a specific template

Author: Internet

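I am having a problem specifying the template parameter in InitializeFromPrivateKey() on the X509Enrollment.CX509CertificateRequestPkcs10 object. Anything other than the "User" template results in the following exception:

CertEnroll::CX509CertificateRequestPkcs10::InitializeFromPrivateKey: The requested certificate template is not supported by this CA. 0x80094800 (-2146875392)

I need to use a specific certificate template, and when I try it, the code throws the exception. The template exists on the CA and on the client machine that runs the code below.

The JavaScript code is as follows: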

 <script type="text/javascript">

     var sCertificate = null;
     var sDistinguishedName = "C=\"\";S=\"\";L=\"\";O=\"XXXXX\";OU=\"XXXXXXX\";E=\"XXXXX@XXXX.com\";CN=\"xxxxxxx\";";
     var template = "RegistrationCert"; //Anything Other than "User" fails, have tried template Oid too.

     var classFactory = new ActiveXObject("X509Enrollment.CX509EnrollmentWebClassFactory");
     var objEnroll = classFactory.CreateObject("X509Enrollment.CX509Enrollment");
     var objPrivateKey = classFactory.CreateObject("X509Enrollment.CX509PrivateKey");
     var objRequest = classFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");
     var objDN = classFactory.CreateObject("X509Enrollment.CX500DistinguishedName");

     objPrivateKey.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0";
     objPrivateKey.KeySpec = "1";
     objPrivateKey.ProviderType = "1";

    try 
    {
            objRequest.InitializeFromPrivateKey(1, objPrivateKey, template);
            objDN.Encode(sDistinguishedName, 0);
            objRequest.Subject = objDN;
            objEnroll.InitializeFromRequest(objRequest);
            sCertificate = objEnroll.CreateRequest(1);
            document.writeln(sCertificate);
    }
    catch (ex)
    {
             document.writeln(ex.description);
    }
 </script>

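A few other questions
– I assume the template should exist on the client machine? Otherwise, how would it know where to query the CA for the template?
– Can CertEnroll on the client work against a Windows 2003 CA server?

I would be grateful if you could help me!

Additional information
– The client is Windows 7, with MS IE9 running as administrator.
– The Web App hosting the page above is accessed over HTTP.
– The Web App is hosted on the Win2003 CA Server.

Before posting I have already looked at…
– Stack Overflow threads about CertEnroll InitializeFromPrivateKey
– Blogs about using Template OID not Template name
– MSDN / alejacma's Site
– The CertEnroll API on MSDN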

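Solution:

OK, so I figured it out. Specifically:

– Use CX509ExtensionTemplateName, and call InitializeEncode with the template's OID value.
– Do not specify the template parameter in InitializeFromPrivateKey.

That is: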

var objExtensionTemplate = classFactory.CreateObject("X509Enrollment.CX509ExtensionTemplateName");

objRequest.InitializeFromPrivateKey(1, objPrivateKey, ""); //empty string, don't specify template here
objExtensionTemplate.InitializeEncode(template); //Specify Template as OID value!
objRequest.X509Extensions.Add(objExtensionTemplate);

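I have verified on the CA that the request is for the template type I specified, and that a certificate is indeed created only for that type.

Hope this helps someone someday.

Tags: javascript,certificate,templates,certificate-authority,certenroll
Source: https://codeday.me/bug/20190530/1186402.html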