Extracting Server Certificate Information with a CAPICOM-Based Script

Applies To: Windows Server 2003, Windows Server 2003 with SP1

CAPICOM is an easy-to-use interface into CryptoAPI. CAPICOM allows you to incorporate Public Key Infrastructure (PKI) functionality into your applications by providing a simple interface for searching the certificate store and using server certificates to sign or encrypt data. Applications using CAPICOM objects call interfaces into CAPICOM.dll. CAPICOM.dll must be present and registered at run time to use CAPICOM objects. If you use CAPICOM objects in a Visual Basic project, you should add CAPICOM.dll to the project references. CAPICOM.dll is available with the Platform SDK. For more information about CAPICOM, see the CAPICOM Reference on MSDN.

Registering CAPICOM.dll

To register CAPICOM.dll, at the command prompt, change directories to the directory where CAPICOM.dll is stored, and then type regsvr32 capicom.dll.

You can use CAPICOM to create any number of server certificate–related management scripts. Listing 9.15 uses CAPICOM to extract information about the SSL server certificates installed for IIS.

Listing 9.15   Sample Script for Extracting SSL Certificate Information with CAPICOM

' Listing 9.15: enumerate the certificates in the local computer's Personal (My) store
Option Explicit

' CAPICOM_STORE_LOCATION and CAPICOM_STORE_OPEN_MODE values
Const CAPICOM_MY_STORE = "My"
Const CAPICOM_LOCAL_MACHINE_STORE = 1
Const CAPICOM_CURRENT_USER_STORE = 2
Const CAPICOM_STORE_OPEN_READ_ONLY = 0

' CAPICOM_EKU values
Const CAPICOM_EKU_OTHER = 0
Const CAPICOM_EKU_SERVER_AUTH = 1
Const CAPICOM_EKU_CLIENT_AUTH = 2
Const CAPICOM_EKU_CODE_SIGNING = 3
Const CAPICOM_EKU_EMAIL_PROTECTION = 4

' Certificate request/response flags (not used by this script)
Const CR_DISP_ISSUED = &H3
Const CR_OUT_CHAIN = &H100
Const CR_OUT_BASE64 = &H1
Const CERT_SYSTEM_STORE_LOCAL_MACHINE = &H20000
Const CR_IN_BASE64 = &H1
Const CR_IN_PKCS10 = &H100

Dim oCert, oStore

' Creating the Store object fails if CAPICOM.dll is not registered, so trap
' that one error explicitly instead of suppressing every later error as well.
On Error Resume Next
Set oStore = CreateObject("CAPICOM.Store")
If Err.Number <> 0 Then
    WScript.Echo "CAPICOM NOT detected"
    WScript.Quit(1)
End If
On Error GoTo 0

' Open the local computer's Personal store read-only; this is the store
' in which IIS server certificates are installed.
oStore.Open CAPICOM_LOCAL_MACHINE_STORE, CAPICOM_MY_STORE, CAPICOM_STORE_OPEN_READ_ONLY

For Each oCert In oStore.Certificates
    WScript.Echo "  Subject Name: " & oCert.SubjectName
    WScript.Echo "  Issuer Name: " & oCert.IssuerName
    WScript.Echo "  SHA-1 Thumbprint: " & oCert.Thumbprint
    WScript.Echo "  Serial Number: " & oCert.SerialNumber
    WScript.Echo "  Version: " & oCert.Version
    WScript.Echo "  Valid From: " & oCert.ValidFromDate
    WScript.Echo "  Valid To: " & oCert.ValidToDate
    WScript.Echo ""
Next
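Listing 9.15 prints every certificate in the local computer's Personal store, whether or not IIS can use it for SSL. The following script is an added example, not part of the original listing or of Microsoft's documentation, that narrows the output to certificates carrying the Server Authentication EKU and flags the conditions an administrator usually needs to act on: the certificate is expired or expiring soon, it has no private key on this machine, or it no longer chains to a trusted root. It assumes CAPICOM 2.0, in which the Certificate object exposes the ExtendedKeyUsage, HasPrivateKey and IsValid members used here (names as given in the CAPICOM Reference; check them against the CAPICOM version you have registered), and the WARN_DAYS threshold is an assumed value you can change.

```vbscript
' Added example (not Listing 9.15): list the Server Authentication certificates
' in the local computer's Personal store and warn about expiry, missing private
' keys and failed chain validation.
Option Explicit

Const CAPICOM_MY_STORE = "My"
Const CAPICOM_LOCAL_MACHINE_STORE = 1
Const CAPICOM_STORE_OPEN_READ_ONLY = 0
Const CAPICOM_EKU_SERVER_AUTH = 1

' Assumption: warn this many days before a certificate's ValidToDate.
Const WARN_DAYS = 30

Dim oStore, oCert, oEKU, blnServerAuth, lngDaysLeft, lngFound

' Fail cleanly if CAPICOM.dll is not registered (see "Registering CAPICOM.dll").
On Error Resume Next
Set oStore = CreateObject("CAPICOM.Store")
If Err.Number <> 0 Then
    WScript.Echo "CAPICOM NOT detected"
    WScript.Quit(1)
End If
On Error GoTo 0

oStore.Open CAPICOM_LOCAL_MACHINE_STORE, CAPICOM_MY_STORE, CAPICOM_STORE_OPEN_READ_ONLY

lngFound = 0
For Each oCert In oStore.Certificates
    ' A certificate with no EKU extension is usable for any purpose; one that
    ' has the extension qualifies only if it lists Server Authentication.
    blnServerAuth = Not oCert.ExtendedKeyUsage.IsPresent
    If Not blnServerAuth Then
        For Each oEKU In oCert.ExtendedKeyUsage.EKUs
            If oEKU.OID = CAPICOM_EKU_SERVER_AUTH Then blnServerAuth = True
        Next
    End If

    If blnServerAuth Then
        lngFound = lngFound + 1
        WScript.Echo "Subject Name:     " & oCert.SubjectName
        WScript.Echo "Issuer Name:      " & oCert.IssuerName
        WScript.Echo "SHA-1 Thumbprint: " & oCert.Thumbprint
        WScript.Echo "Valid To:         " & oCert.ValidToDate

        ' Expiry check: negative means the certificate is already expired.
        lngDaysLeft = DateDiff("d", Now, oCert.ValidToDate)
        If lngDaysLeft < 0 Then
            WScript.Echo "  WARNING: expired " & Abs(lngDaysLeft) & " day(s) ago"
        ElseIf lngDaysLeft <= WARN_DAYS Then
            WScript.Echo "  WARNING: expires in " & lngDaysLeft & " day(s)"
        End If

        ' IIS can only serve SSL with a certificate whose private key is on this machine.
        If Not oCert.HasPrivateKey Then
            WScript.Echo "  WARNING: no private key; IIS cannot use this certificate for SSL"
        End If

        ' IsValid checks the validity period and builds the chain to a trusted root.
        If Not oCert.IsValid.Result Then
            WScript.Echo "  WARNING: certificate does not validate (time or chain check failed)"
        End If
        WScript.Echo ""
    End If
Next

WScript.Echo lngFound & " server-authentication certificate(s) found"
```

Run it with cscript so the output goes to the console rather than to message boxes. The script opens the store read-only, as Listing 9.15 does, so it can be scheduled on a production server without any risk of modifying the certificate store; the warnings it prints are the ones that precede most SSL outages on IIS (an expired certificate, or a certificate whose private key was never imported alongside it).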