Query certificate store using CAPICOM
Hello community, I have a problem with a certificate template in my environment. I have an offline root CA and an issuing CA based on Windows Server 2003 SP2 Enterprise. My clients are also 2003 SP2. The template is configured to autoenroll a machine certificate to a couple of servers. The certificate is issued correctly and it seems to be OK. Now I'd like to query the certificate store using a script based on CAPICOM. I'd like to select only certificates based on the respective template "xy". Therefore I use CAPICOM_CERTIFICATE_FIND_TEMPLATE_NAME, but the query works only if I use the template OID.

' Plain VBScript does not see the CAPICOM type library enum, so the constant must be declared (value 4 in CAPICOM_CERT_FIND_TYPE)
Const CAPICOM_CERTIFICATE_FIND_TEMPLATE_NAME = 4
' Lookup by template OID: the certificate is found
Set Certificates = oStore.certificates
Set Certificates = Certificates.find(CAPICOM_CERTIFICATE_FIND_TEMPLATE_NAME, "1.3.4.2.......")
If I use the certificate template name (xy), the certificate count is 0.

' Lookup by template name "XY": Certificates.Count is 0
Set Certificates = oStore.certificates
Set Certificates = Certificates.find(CAPICOM_CERTIFICATE_FIND_TEMPLATE_NAME, "XY")
If I search for another certificate template using the template name, e.g. zz, then the query works correctly.

' Lookup by template name "zz": the certificate is found
Set Certificates = oStore.certificates
Set Certificates = Certificates.find(CAPICOM_CERTIFICATE_FIND_TEMPLATE_NAME, "zz")

The question is: what's wrong with my XY certificate template?

Best Regards
Fabian
October 28th, 2009 4:18pm
I'm not so familiar with VBS, however I see the following mistakes:
1) The Find method in CAPICOM.Certificates accepts only 3 arguments (not 2 as in your example). The last argument should be True or False (in your case False).
2) The second argument of the Find method shouldn't be an OID, but the template common name (such as SmartCardLogon).
Since the CAPICOM COM interfaces are deprecated in Windows Vista and newer OSes, it would be better to use the X509Certificates namespace. But wait, VBS cannot use .NET classes! How to access them? Learn the automation of tools within the Windows-based, .NET aware, WPF accessible, multi-processes on the same IP / Port usage, admin's automation tool, PowerShell.exe! Here is a little example of how to search certificates by template name:

# create X509Certificate2Collection object
$certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
# enumerate certificates in the current user store, Personal container, and add them to
# this collection object ([void] discards the index that Add() returns)
dir cert:\currentuser\my | %{ [void]$certs.Add($_) }
# invoke the Find() method and search through the certificate collection
$certs.Find("FindByTemplateName", "smartcardlogon", $false)

http://www.sysadmins.lv
October 28th, 2009 8:55pm
Hi,
If you need further assistance, please post to The Official Scripting Guys Forum. They are the best resource to deal with scripting issues.
Thanks. This posting is provided "AS IS" with no warranties, and confers no rights.
October 29th, 2009 11:01am
Hi, thanks for your quick response. I tried the PowerShell code in my environment, but the result was the same: the query works only using the template OID instead of the template name. I guess there is definitely a problem with the certificate template. Is there an option to "repair" or check the certificate template? The script is definitely OK and works fine on other certificate templates!
October 29th, 2009 4:58pm
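The open question in this thread is why a lookup by template name returns nothing for one template and works for another. What a certificate carries depends on the template version: a certificate issued from a version 1 template stores the template name as a BMPString in the extension 1.3.6.1.4.1.311.20.2 (szOID_ENROLL_CERTTYPE_EXTENSION), while a certificate issued from a version 2 template (the kind an enterprise CA on Windows Server 2003 Enterprise can create) stores the template OID and version number in 1.3.6.1.4.1.311.21.7 (szOID_CERTIFICATE_TEMPLATE) and no name at all. The PowerShell below is an added example, not code from any post in this thread. It decodes both extensions so you can see which identity each certificate in the store actually carries, then runs the same X509Certificate2Collection.Find() call as the answer above with whichever identifier the certificate contains. The store path Cert:\LocalMachine\My and the helper function names are assumptions for this example; the DER decoding is deliberately minimal and handles only what these two extensions contain.

```powershell
# Added example: show whether each certificate carries a v1 template name or a v2 template OID.
# Assumes Windows PowerShell with the Cert: drive; the store path below is an assumption.

$OidV1TemplateName = '1.3.6.1.4.1.311.20.2'   # szOID_ENROLL_CERTTYPE_EXTENSION: template name (v1 templates)
$OidV2TemplateInfo = '1.3.6.1.4.1.311.21.7'   # szOID_CERTIFICATE_TEMPLATE: template OID + version (v2 templates)

function Read-DerLength {
    # Read a DER length at $Pos (short or long form) and advance $Pos past it.
    param([byte[]]$Bytes, [ref]$Pos)
    $b = $Bytes[$Pos.Value]; $Pos.Value++
    if ($b -lt 0x80) { return [int]$b }
    $n = $b -band 0x7F; $len = 0
    for ($i = 0; $i -lt $n; $i++) { $len = ($len -shl 8) -bor $Bytes[$Pos.Value]; $Pos.Value++ }
    return $len
}

function ConvertFrom-DerOid {
    # Decode the content octets of an OBJECT IDENTIFIER into dotted form.
    param([byte[]]$Content)
    $first = [int]$Content[0]
    if ($first -ge 80) { $parts = @(2, $first - 80) }
    else { $parts = @([int][math]::Floor($first / 40), $first % 40) }
    [long]$acc = 0
    for ($i = 1; $i -lt $Content.Length; $i++) {
        $acc = ($acc -shl 7) -bor ($Content[$i] -band 0x7F)      # base-128 arcs, high bit = continuation
        if (($Content[$i] -band 0x80) -eq 0) { $parts += $acc; $acc = 0 }
    }
    return ($parts -join '.')
}

function Get-TemplateIdentity {
    # Returns the v1 template name and/or v2 template OID found in one certificate.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $result = @{ Thumbprint = $Cert.Thumbprint; TemplateName = $null; TemplateOid = $null; MajorVersion = $null }
    foreach ($ext in $Cert.Extensions) {
        $raw = $ext.RawData
        switch ($ext.Oid.Value) {
            $OidV1TemplateName {
                # BMPString (tag 0x1E) holding the template name as UTF-16BE
                $pos = 1; $len = Read-DerLength $raw ([ref]$pos)
                $result.TemplateName = [Text.Encoding]::BigEndianUnicode.GetString($raw, $pos, $len)
            }
            $OidV2TemplateInfo {
                # SEQUENCE { OBJECT IDENTIFIER templateID, INTEGER majorVersion, INTEGER minorVersion OPTIONAL }
                $pos = 1; [void](Read-DerLength $raw ([ref]$pos))     # skip the outer SEQUENCE header
                if ($raw[$pos] -ne 0x06) { break }                     # not an OID where one is expected
                $pos++; $oidLen = Read-DerLength $raw ([ref]$pos)
                $result.TemplateOid = ConvertFrom-DerOid $raw[$pos..($pos + $oidLen - 1)]
                $pos += $oidLen
                if ($pos -lt $raw.Length -and $raw[$pos] -eq 0x02) {   # majorVersion INTEGER, big-endian
                    $pos++; $l = Read-DerLength $raw ([ref]$pos); $major = 0
                    for ($i = 0; $i -lt $l; $i++) { $major = ($major -shl 8) -bor $raw[$pos + $i] }
                    $result.MajorVersion = $major
                }
            }
        }
    }
    return $result
}

# Enumerate the local machine Personal store (assumed location of the autoenrolled machine certificates).
$certs = @(Get-ChildItem Cert:\LocalMachine\My)
foreach ($c in $certs) {
    $id = Get-TemplateIdentity $c
    '{0}  v1 name=[{1}]  v2 OID=[{2}] (major version {3})' -f $id.Thumbprint, $id.TemplateName, $id.TemplateOid, $id.MajorVersion
}

# Run the same Find() as in the answer above, using the identifier the certificate actually carries.
$coll = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$certs | ForEach-Object { [void]$coll.Add($_) }
$v2 = $certs | Where-Object { (Get-TemplateIdentity $_).TemplateOid } | Select-Object -First 1
if ($v2) {
    $oid = (Get-TemplateIdentity $v2).TemplateOid
    $hits = $coll.Find('FindByTemplateName', $oid, $false)
    "Find by decoded template OID $oid returned $($hits.Count) certificate(s)"
}
```

A certificate whose line shows only a v2 OID and an empty v1 name contains nothing that the string "XY" could match, so Find() by name returns an empty collection for it regardless of how the template is named in the CA; the OID printed here is the value such a lookup has to use.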