Issue Certificate with inherites subject and cryptography provider

Question

Issue Certificate with inherites subject and cryptography provider

I have a valid certificate in a hardware token and I want to create another one. I use the original Certificate as a new certificate signer. the new certificate should inherit the subject field and cryptography provider from the original certificate but it should have a new key pair. this is my code. It generates a new certificate on my system and does not inherit the cryptography provider. I want to create a new certificate in the hardware token as the original certificate.

   X509Store store = new X509Store(StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        foreach (X509Certificate2 c in store.Certificates)
        {
            var cert2 = c.Subject;
            if (cert2.Contains("CN=test"))
            {
                var objPkcs72 = new CX509CertificateRequestPkcs7();
                string strCertificate = Convert.ToBase64String(c.RawData);
                var inheritOptions = X509RequestInheritOptions.InheritNewSimilarKey & X509RequestInheritOptions.InheritSubjectFlag;
                objPkcs72.InitializeFromCertificate(X509CertificateEnrollmentContext.ContextUser, false, strCertificate,
                    EncodingType.XCN_CRYPT_STRING_BASE64,
                    inheritOptions);
                ISignerCertificate signer = new CSignerCertificate();
                CERTENROLLLib.CSignerCertificate signer2 = new CERTENROLLLib.CSignerCertificate();
                signer2.Initialize(false, X509PrivateKeyVerify.VerifyAllowUI, EncodingType.XCN_CRYPT_STRING_BASE64, strCertificate);
                objPkcs72.SignerCertificate = signer2;
                string c2 = "";
                objEnroll.InitializeFromRequest(objPkcs72);
                var message2 = objEnroll.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64);
                var iDisposition = objCertRequest.Submit(CR_IN_BASE64 | CR_IN_FORMATANY, message2, templateName, CAAddress);
                string c3 = objCertRequest.GetCertificate(CR_IN_BASE64 | CR_IN_FORMATANY);

                X509Certificate2 cert = new X509Certificate2(LoadFromCertBase64String(c2));

                objEnroll.InstallResponse(InstallResponseRestrictionFlags.AllowNone, c3, EncodingType.XCN_CRYPT_STRING_BASE64, "");
            }

and when I use var inheritOptions = X509RequestInheritOptions.InheritNewSimilarKey insted var inheritOptions = X509RequestInheritOptions.InheritNewSimilarKey & X509RequestInheritOptions.InheritSubjectFlag I get Error "CertEnroll::CX509CertificateRequestPkcs7::InitializeFromCertificate: The requested property value is empty. 0x80094004 (-2146877436 CERTSRV_E_PROPERTY_EMPTY)"

x509certificate

x509certificate2

certenroll

asked on Stack Overflow Feb 17, 2020 by

Fatemeh • edited Feb 17, 2020 by

Sohail Ahmad

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0