Installing Root CA Cert via code on Win32


Problem description

We've just set up a new remote access solution using Microsoft's TS Gateway, which requires a couple of somewhat fiddly steps on the end users' behalf in order to get it working (installing our root CA cert, requirement of RDP 6.1 client etc).

In order to make this setup process as easy as possible (a lot of these users aren't technically minded), I'm looking to create a program to perform all these tasks automatically. I have most of it working, however I'm not entirely sure how to go about importing the Root CA cert into the Windows certificate store.

Because this can potentially be run on a wide range of computers with varying levels of patches and updates, I'm steering well clear of .NET and anything that isn't native - the tool should 'just run' without the user having to install anything extra (well, I will say Windows XP, no service packs, is the bare minimum required version of Windows). In saying that, I don't mind using something third party if it can be bundled in with the tool, as long as it's not huge, and doesn't introduce any interactive steps. Ideally something in the Windows API would be best, however I can't seem to track down anything relevant.

Currently the tool is a C++ application, so I don't mind if it's quite low level stuff.

Recommended answer

First you need to open the root certificate store...

 HCERTSTORE hRootCertStore = CertOpenSystemStore(NULL,"ROOT");

Then add the certificate using one of the CertAdd functions, such as CertAddEncodedCertificateToStore.

CertAddEncodedCertificateToStore(hRootCertStore,X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,pCertData,cbCertData,CERT_STORE_ADD_USE_EXISTING,NULL);

pCertData and cbCertData would likely point to the certificate data that you read from a file (not sure if the certificate will be in a file, or how you will include it in your application).

Then close the store...

CertCloseStore(hRootCertStore,0);

NOTE: This code, if run as the user, installs the certificate to the user's root store, not the computer's. It also results in a warning dialog that the user must understand and select "Yes" to authorize the import. If your setup program can run this code in a system account, the import will affect the computer's root store and no warning dialog will be shown.
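
An added example (not part of the original answer) that wraps the three calls above with error handling and first checks that the bytes read from the file are a DER-encoded certificate, which is what CertAddEncodedCertificateToStore takes; a PEM (Base64 text) file would have to be decoded first. The names der_cert_size and install_root_cert and the 16 KB buffer are choices made for this example; the Win32 part compiles only on Windows and links against crypt32.lib.

```c
/* Added example, not the answer's code. argv[1] is the certificate file. */
#include <stddef.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>  /* link with crypt32.lib */
#endif

/* Size in bytes of the outer DER SEQUENCE at buf (header + content), or 0 if
 * buf is not a definite-length SEQUENCE that fits in len (e.g. a PEM file). */
size_t der_cert_size(const unsigned char *buf, size_t len)
{
    size_t n = 0, i, content;
    if (len < 2 || buf[0] != 0x30) return 0;       /* 0x30 = SEQUENCE tag */
    content = buf[1];                              /* short-form length */
    if (buf[1] >= 0x80) {                          /* long form: n length octets */
        n = buf[1] & 0x7F;
        if (n == 0 || n > 4 || len < 2 + n) return 0;  /* n == 0 is indefinite */
        for (content = 0, i = 0; i < n; i++) content = (content << 8) | buf[2 + i];
    }
    if (content > len - 2 - n) return 0;           /* truncated input */
    return 2 + n + content;
}
#ifdef _WIN32
/* Adds the certificate to the caller's ROOT store; 0 or a Win32 error code. */
unsigned long install_root_cert(const unsigned char *der, size_t len)
{
    unsigned long err = 0;
    HCERTSTORE store;
    size_t size = der_cert_size(der, len);
    if (size == 0) return ERROR_INVALID_DATA;      /* refuse non-DER input */
    store = CertOpenSystemStoreA(0, "ROOT");
    if (store == NULL) return GetLastError();
    if (!CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
            der, (DWORD)size, CERT_STORE_ADD_USE_EXISTING, NULL))
        err = GetLastError();                      /* includes a declined prompt */
    CertCloseStore(store, 0);
    return err;
}

int main(int argc, char **argv)
{
    static unsigned char buf[16384];
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;
    size_t len = f ? fread(buf, 1, sizeof buf, f) : 0;
    if (f) fclose(f);
    printf("install result: %lu\n", install_root_cert(buf, len));
    return 0;
}
#endif
```

The size check is a sanity check on the outer ASN.1 header only, not a validation of the certificate; the store API does the actual parsing.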
