Platform SDK: Smart Card Enrollment Control

ISCrdEnr::setSigningCertificate

The setSigningCertificate method specifies a signing certificate (also known as the enrollment agent certificate). Before enrolling on behalf of users, you must select or set a signing certificate. The private key associated with this signing certificate is used to sign a PKCS #7 request. The PKCS #7, in turn, contains the user's PKCS #10 request (which is signed with the user's private key).

objSCEnroll.setSigningCertificate( _
    dwFlags As Long, _
    bstrCertTemplateName As String)

Parameters

objSCEnroll
Object expression that resolves to a SCrdEnr object.
dwFlags
Reserved for future use. Set this value to 0.
bstrCertTemplateName
Name of the certificate template for the signing certificate. You can use the value "EnrollmentAgent" if you have obtained an EnrollmentAgent certificate.

Return Values

This method has no return values.

Remarks

Before enrolling on behalf of a user, you must first obtain a signing certificate. You can obtain a signing certificate by using the Certificate Manager MMC snap-in. The setSigningCertificate method does not obtain the signing certificate but informs the Smart Card Enrollment Control which previously obtained signing certificate to use. The setSigningCertificate method searches the caller's "My" store for the most recent signing certificate corresponding to the certificate template specified by bstrCertTemplateName.

An alternative to setSigningCertificate is ISCrdEnr::setSigningCertificate.

Once a signing certificate is set, its name can be retrieved by calling ISCrdEnr::getSigningCertificateName.

Example Code in VBScript

Senroll.setSigningCertificate 0, "EnrollmentAgent"

Requirements

  Windows NT/2000: Requires Windows 2000.
  Windows 95/98: Unsupported.
  Library: Included as a resource in Scrdenrl.dll.

See Also

ISCrdEnr::getSigningCertificateName

Built on Wednesday, November 10, 1999