Export (0) Print
Expand All

What Is the Windows Server 2008 Certificate Enrollment Control?

Published: July 9, 2009

Applies To: Windows Server 2008

The Windows Server 2008 Certificate Enrollment Control is a Component Object Model (COM)–based component comprising many different classes/interfaces that enable certificate requests to be created and also provide the ability to enroll for certificates using these requests.

The IX509Enrollment (http://go.microsoft.com/fwlink/?LinkId=180990) and ICertRequest2 (http://go.microsoft.com/fwlink/?LinkId=180989) certificate enrollment interfaces allow certificate requests to be programmatically created and submitted to a certification authority (CA) for processing.

 

bdcca807-2704-46d1-a6cc-d6977aa1f012

 

Figure 1   Windows Vista Enrollment Classes

Certificate request interfaces (IX509CertificateRequest, IX509CertificateRequestPkcs10, IX509CertificateRequestCertificate, IX509CertificateRequestPkcs7, and IX509CertificateRequestCmc) allow various formats of certificate requests to be generated, including Public-Key Cryptography Standards (PKCS)#10, PKCS#7, and Common Messaging Calls (CMC).

 

74942583-678c-4370-8dfb-fb27ccfaf0fd

 

Figure 2   Windows Vista Request Classes

Other interfaces, including attribute, extension, and properties classes, provide support for manipulation of many certificate and key properties. Examples include generation of custom subject names, key export, performing private key archival together with signing requests using an Enrollment Agent certificate on behalf of another user.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft