working with x509 certificates

Status
Not open for further replies.

g33man

Programmer
Dec 22, 2006
50
CA
I have a VBScript which retrieves user records from Active Directory. Some of these users have x509 digital certificates in their records (userCertificate attribute). I am trying to decode this attribute in my VBScript to provide meaningful information, such as IssueDate, ExpiryDate, IssuingCA, etc.
Most references I can find are old and refer to a CAPICOM library. Microsoft has now deprecated this library, in favor of .NET - no surprise. I cannot find any examples of VBS which use the X509Certificate(2) class.
Any suggestions are appreciated.
Mike
 
Progress. I am into the world of using a COM object within VBScript. Below is a snippet of my vbs code. The line that calls the Import method errors out with "Run-time error '5': Invalid procedure call or argument". While debugging, I have confirmed that my byte array (ba) does contain the correct 1098 bytes (my certificate). Due to my lack of experience with using COM objects, I'm sure my issue lies there. I am grateful for any suggestions.
thanks.

Code:
.
.
Dim ba() As Byte
Dim cert
Set cert = CreateObject("System.Security.Cryptography.X509Certificates.X509Certificate")
.
.
cert.Import ba
.

 
> Due to my lack of experience with using COM objects

Trouble is you are actually using .net ...
 
Hi, and thanks for the note, but I don't fully understand your comment.
My past VBScript needs have never required using external functionality. With this current project, I found examples of using the Set var = CreateObject("...") code, and those examples referred to this as "using a COM object". If I should have said "using .Net", then that is what I meant. :)

At this point, I really think I could be close to a solution, I just don't know how to correctly use this class (System.Security.Cryptography.X509Certificates.X509Certificate) and cannot find any examples of VBscript that do use it.

Cheers.
 
Well I don't use COM either. After doing some quick searches it appears you may/would need to use PowerShell instead of vbscript.

Maybe these sites can better help you:


Good luck
--MiggyD

After pondering the riddle (for many years I might add) I finally got the answer (inadvertently through a movie): "If a tree falls in the forest and no one is around, does it make a sound?"
 
Hey, thanks for the tips. The first link is for an ActiveX object called Chilkat Cert. Unfortunately, I need my solution to work in a large organization (thousands of workstations), and it is not an option to install additional elements. My solution needs to run in vanilla vbscript.

The second link you provided is giving me food for thought however. It uses PowerShell, which is not an option for me to use (see reason above), but there are some tips on this page about using the native .Net class.

Cheers, and thanks again.
Mike
 
To clarify my earlier comment.

You are using COM - but it is .NET that you are actually calling; a certain number of .NET assemblies provide a COM interface. But that COM interface is slightly unusual because what you are fundamentally calling is .NET code.

In particular, .NET has overloaded functions/methods (functions with the same name that do different things based on exactly what parameters are passed to them). COM, on the other hand, does not support function overloading, which means you only get direct access to the default .NET function with that name (the technical explanation is that the IDispatch interface - COM - relies solely on method name for binding, rather than the complete method signature as used by .NET).

In this case, the default function called import is not the one that takes a raw byte array as a parameter, hence your code fails with the error that you have reported.

Now, whilst there are ways of using those overloaded, non-default .NET functions they further rely on the method taking parameter types that VBScript speaks (or being so configured to translate to the correct type if necessary).

As yet I have not been able to trick the Import method into working with either a byte array or a string. I think you may be out of luck with this approach. Frankly it is rather unfortunate that MS dropped support for CAPICOM without replacing it with something that can be scripted relatively easily; maybe they were concerned about security.
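
Added example, not part of the thread: the fields asked about in the first post (issuer, issue date, expiry date) sit at fixed positions in the certificate's DER encoding, so they can be read straight from the bytes of the userCertificate value without the X509Certificate class. The sketch is in Python for illustration, handles only single-byte tags and definite lengths, and all function names and the sample bytes are constructed here.

```python
from datetime import datetime, timezone

def read_tlv(buf, pos):                     # one DER element -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):                        # contents of a SEQUENCE/SET -> [(tag, value)]
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

OIDS = {"550403": "CN", "55040a": "O", "0992268993f22c640119": "DC"}
def name_text(name):                        # Name = SEQUENCE of SETs of (OID, string)
    parts = []
    for _, rdn in children(name):
        for _, atv in children(rdn):
            (_, oid), (_, val) = children(atv)
            parts.append(f"{OIDS.get(oid.hex(), oid.hex())}={val.decode('utf-8', 'replace')}")
    return ", ".join(parts)

def der_time(tag, val):                     # 0x17 UTCTime (YY), 0x18 GeneralizedTime (YYYY)
    text = val.decode("ascii")
    if tag == 0x17:                         # RFC 5280: YY >= 50 means 19YY, else 20YY
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def cert_summary(der):
    tbs = children(children(read_tlv(der, 0)[1])[0][1])   # fields of tbsCertificate
    i = 1 if tbs[0][0] == 0xA0 else 0       # skip the optional [0] version field
    not_before, not_after = children(tbs[i + 3][1])       # validity follows issuer
    return {"issuer": name_text(tbs[i + 2][1]),           # after serial and signature alg
            "not_before": der_time(*not_before), "not_after": der_time(*not_after)}

def tlv(tag, *parts):                       # DER encoder, used only to build the sample
    body = b"".join(parts)
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (size if len(body) < 0x80 else bytes([0x80 | len(size)]) + size) + body
# Constructed, unsigned skeleton with a certificate's field order (not a real certificate).
SAMPLE = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"),
    tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")), tlv(0x05)),
    tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex("550403")), tlv(0x0C, b"Example Issuing CA")))),
    tlv(0x30, tlv(0x17, b"061222000000Z"), tlv(0x18, b"20500101000000Z")), tlv(0x30), tlv(0x04, bytes(300))))
```

Name attributes stored as BMPString would need UTF-16 decoding, which this sketch does not do.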
 