Install a p12 Certificate - Problem


Mario Dambauer

When I manually install a p12 Certificate via mmc there is no problem at
all...

But I have to install the certificate on my terminals in the field, so I
developed an application which installs the certificate automatically.
The application works fine on Windows XP Professional, and the app also works
fine on an XP Embedded where, some time ago, a certificate was installed with
mmc.

But my app fails if I want to install the certificate on a "virgin" XPe
image, on which no certificate was installed via mmc before...
The app failed at CertAddCertificateContextToStore and I get an error
message (... mem could not be written.... OK to terminate program)

I assume that I am missing some registry data?

Perhaps I am missing a component?
I added Certificate MMC Snap-In to my image....


Any ideas would be helpful..

I know I can track which reg values are added by importing a certificate via
mmc and then try to find out which reg entries these are, but there are a lot of
entries which are added, so perhaps anyone knows which entries are missing....

Best Regards,
Mario
 
Mario,

I don't have an answer for you but just wanted to confirm how you call the APIs from your app.
What certificate store do you open (CertOpenStore) to pass to CertAddCertificateContextToStore? Do you pass the
CERT_STORE_CREATE_NEW_FLAG bit in dwFlags? I think you don't have a certificate store yet and the system may not be able to
enumerate the certificate stores. Check this with "mmc certmgr.msc".

Here is a good example of how to treat security certificates with CryptoAPI on CodeGuru:
http://www.codeguru.com/Cpp/I-N/internet/security/article.php/c6211/.
 
Hi KM, thanks for your response, but I can't solve the problem...

I try to open the stores using:
//open store for the CompAccount -> Internal CA Certificate

myCAStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0,
CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_CREATE_NEW_FLAG |
CERT_SYSTEM_STORE_LOCAL_MACHINE, L"root");


//open store for the CompAccount -> Personal Certificate

myLCPersonalStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0,
CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_CREATE_NEW_FLAG |
CERT_SYSTEM_STORE_LOCAL_MACHINE, L"MY");

But both operations went wrong on XP Embedded...

Any other ideas?



 
Hi Mario,

Can you add detection of the failure reason to your code?
Use GetLastError to get the status of the CertOpenStore operation.
Maybe the error code will point you in the right direction.

Regards,
Slobodan

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Have an opinion on the effectiveness of Microsoft Embedded newsgroups? Tell
Microsoft!
https://www.windowsembeddedeval.com/community/newsgroups
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Mario,

Also try removing the CERT_STORE_OPEN_EXISTING_FLAG flag from the calls.

Or

If neither CERT_STORE_OPEN_EXISTING_FLAG nor CERT_STORE_CREATE_NEW_FLAG is set, a store is opened if it exists or is created and
opened if it did not already exist.
 
Thanks for your responses...

You were right, at CertOpenStore I forgot to check if the cert already
exists....
Now I got the CertOpenStore to work and I got a valid pointer for both
stores.

But when I try to add the cert context to the store, only the first, "root",
succeeded and "my" failed...
I use this code, is there any fault in it?

myStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL,
CERT_STORE_OPEN_EXISTING_FLAG | CERT_SYSTEM_STORE_LOCAL_MACHINE, L"MY");
while (0 != (pctx = CertEnumCertificatesInStore(pfxStore, pctx)))
..
..
if (!CertAddCertificateContextToStore(myStore, pctx, CERT_STORE_ADD_NEW, 0))
{
GetLastError -> err code is 2147942405

but myStore is a valid pointer....
I haven't found any info on this error code, perhaps one of you two has more
info?

Thanks in advance...
Mario
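
Added example, not part of any post in this thread: the value 2147942405 reported above is 0x80070005 in hex, and the portable C below splits it as an HRESULT and classifies the CertOpenStore open/create flag combinations discussed earlier. The constants repeat the values from wincrypt.h and winerror.h so it compiles without the Windows SDK; the function names and the short error table are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values as defined in wincrypt.h / winerror.h, repeated so this builds anywhere. */
#define CERT_STORE_CREATE_NEW_FLAG      0x00002000u
#define CERT_STORE_OPEN_EXISTING_FLAG   0x00004000u
#define CERT_SYSTEM_STORE_LOCAL_MACHINE 0x00020000u
#define FACILITY_WIN32                  7u

typedef struct { int failure; unsigned facility; unsigned code; } hresult_parts;

/* HRESULT layout: bit 31 = severity, bits 16..26 = facility, bits 0..15 = code. */
hresult_parts split_hresult(uint32_t hr) {
    hresult_parts p = { (int)(hr >> 31), (hr >> 16) & 0x7FFu, hr & 0xFFFFu };
    return p;
}

/* Name a GetLastError value, whether it is a plain Win32 code or an
   HRESULT that wraps one (hypothetical helper with a deliberately short table). */
const char *describe_last_error(uint32_t err) {
    hresult_parts p = split_hresult(err);
    unsigned code = err;
    if (p.failure) {
        if (p.facility != FACILITY_WIN32) return "HRESULT outside FACILITY_WIN32";
        code = p.code;
    }
    switch (code) {
    case 2:  return "ERROR_FILE_NOT_FOUND";
    case 5:  return "ERROR_ACCESS_DENIED";
    case 87: return "ERROR_INVALID_PARAMETER";
    default: return "not in this short table";
    }
}

/* Classify the open/create bits of dwFlags before they reach CertOpenStore. */
const char *open_mode(uint32_t dwFlags) {
    int existing = (dwFlags & CERT_STORE_OPEN_EXISTING_FLAG) != 0;
    int create   = (dwFlags & CERT_STORE_CREATE_NEW_FLAG) != 0;
    if (existing && create) return "contradictory: open-existing and create-new both set";
    if (existing) return "open only if the store exists";
    if (create)   return "create; fail if the store exists";
    return "open if it exists, otherwise create";
}

int main(void) {
    printf("%s\n", describe_last_error(2147942405u)); /* code from the last post */
    return 0;
}
```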


 