I'm loading开发者_Python百科 a .p7b certificate file into memory and then calling CertCreateCertificateContext on it, but it fails with the error "ASN1 bad tag value met.".
The call look like this:
m_hContext = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, pbCertEncoded, dwCertEncodedLen);
This returns NULL and GetLastError() returns the error mentioned above.
I created the certificate file by dragging a certificate out of the settings in IE, which then does an automatic export to a file.
What am I doing wrong?
Thanks!
Try to open your certificate by some asn.1 editor.
Probably your certificate has been exported incorrectly or size of the certificate you pass to the api is wrong... Rather the second one option (incorrect cert construction or passing).
I found here the info that the encoding you try to use is not fully supported (see possible error values).
You have to use CertOpenStore()
instead:
HCERTSTORE hCertStore = CertOpenStore(
CERT_STORE_PROV_FILENAME,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
NULL,
CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG,
pszFilePath));
CertCreateCertificateContext()
supports one certificate only, whereas PKCS #7 file can contain many.
Quote from MSDN:
CERT_STORE_PROV_FILENAME Initializes the store with certificates, CRLs, and CTLs from a file. The provider opens the file and first attempts to read the file as a serialized store, then as a PKCS #7 signed message, and finally as a single encoded certificate.
After the certificate store is open, you can use CertEnumCertificatesInStore()
to retrieve certificate context of individual certificates from store.
Make sure the certificate is in binary format.
I had similar issue when the certificate was in "Base-64 encoded X.509". It was fixed when i used the same certificate in "DER encoded binary X.509"
You can do this easily on windows by manually importing into cert store and then exporting using the desired format.
Certificate can then be used to be installed on other machines using winapi functions.
精彩评论