What Is the Windows Server 2008 Certificate Enrollment Control?
Published: July 9, 2009
Applies To: Windows Server 2008
The Windows Server 2008 Certificate Enrollment Control is a Component Object Model (COM)–based component comprising many different classes/interfaces that enable certificate requests to be created and also provide the ability to enroll for certificates using these requests.
The IX509Enrollment (http://go.microsoft.com/fwlink/?LinkId=180990) and ICertRequest2 (http://go.microsoft.com/fwlink/?LinkId=180989) certificate enrollment interfaces allow certificate requests to be programmatically created and submitted to a certification authority (CA) for processing.
Figure 1 Windows Vista Enrollment Classes
Certificate request interfaces (IX509CertificateRequest, IX509CertificateRequestPkcs10, IX509CertificateRequestCertificate, IX509CertificateRequestPkcs7, and IX509CertificateRequestCmc) allow various formats of certificate requests to be generated, including Public-Key Cryptography Standards (PKCS)#10, PKCS#7, and Common Messaging Calls (CMC).
Figure 2 Windows Vista Request Classes
Other interfaces, including attribute, extension, and properties classes, provide support for manipulation of many certificate and key properties. Examples include generation of custom subject names, key export, performing private key archival together with signing requests using an Enrollment Agent certificate on behalf of another user.