I have a valid certificate in a hardware token and I want to create another one. I use the original Certificate as a new certificate signer. the new certificate should inherit the subject field and cryptography provider from the original certificate but it should have a new key pair. this is my code. It generates a new certificate on my system and does not inherit the cryptography provider. I want to create a new certificate in the hardware token as the original certificate.
X509Store store = new X509Store(StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
foreach (X509Certificate2 c in store.Certificates)
{
var cert2 = c.Subject;
if (cert2.Contains("CN=test"))
{
var objPkcs72 = new CX509CertificateRequestPkcs7();
string strCertificate = Convert.ToBase64String(c.RawData);
var inheritOptions = X509RequestInheritOptions.InheritNewSimilarKey & X509RequestInheritOptions.InheritSubjectFlag;
objPkcs72.InitializeFromCertificate(X509CertificateEnrollmentContext.ContextUser, false, strCertificate,
EncodingType.XCN_CRYPT_STRING_BASE64,
inheritOptions);
ISignerCertificate signer = new CSignerCertificate();
CERTENROLLLib.CSignerCertificate signer2 = new CERTENROLLLib.CSignerCertificate();
signer2.Initialize(false, X509PrivateKeyVerify.VerifyAllowUI, EncodingType.XCN_CRYPT_STRING_BASE64, strCertificate);
objPkcs72.SignerCertificate = signer2;
string c2 = "";
objEnroll.InitializeFromRequest(objPkcs72);
var message2 = objEnroll.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64);
var iDisposition = objCertRequest.Submit(CR_IN_BASE64 | CR_IN_FORMATANY, message2, templateName, CAAddress);
string c3 = objCertRequest.GetCertificate(CR_IN_BASE64 | CR_IN_FORMATANY);
X509Certificate2 cert = new X509Certificate2(LoadFromCertBase64String(c2));
objEnroll.InstallResponse(InstallResponseRestrictionFlags.AllowNone, c3, EncodingType.XCN_CRYPT_STRING_BASE64, "");
}
and when I use var inheritOptions = X509RequestInheritOptions.InheritNewSimilarKey insted var inheritOptions = X509RequestInheritOptions.InheritNewSimilarKey & X509RequestInheritOptions.InheritSubjectFlag I get Error "CertEnroll::CX509CertificateRequestPkcs7::InitializeFromCertificate: The requested property value is empty. 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)"
User contributions licensed under CC BY-SA 3.0