Extension field not appearing on an X.509 cert

Hi,
I am using C#, Xenroll.dll and certpdef.dll to generate a cert request from a Microsoft cert server. I am able to make a successful request, but the extension field that I set using "cenroll2.addExtensionToRequest(XECR_PKCS10_V2_0 ,"1.1.7.1","test");" does not seem to appear on the cert.
My question is how to set up extension fields on an X.509 certificate using XEnroll.dll? Please help.

Following is the code..


    const int CR_IN_BASE64 = 0x1;
    const int CR_IN_PKCS10 = 0x100;
    const int XECR_PKCS10_V2_0 = 1;

    CEnroll2 cenroll2 = null;
    CCertRequest requestCert = null;
    string DN = string.Empty;
    string request = string.Empty;
    DN = "CN=cntestdotnet,OU=outestdotnet,O=otestdotnet,L=ltestcity,S=CA,C=US";
    cenroll2 = new CEnroll2Class();

    // Ask for a custom extension (OID 1.1.7.1, value "test") in the request
    cenroll2.addExtensionToRequest(XECR_PKCS10_V2_0, "1.1.7.1", "test");
    cenroll2.GenKeyFlags = 384 << 16;      // 384 bit RSA encryption (key size goes in the upper 16 bits)
    request = cenroll2.createRequest(1, DN, "1.3.6.1.4.1.311.2.1.21");

    // Submit the base64-encoded PKCS #10 request to the CA
    requestCert = new CCertRequestClass();
    int returnStatus = requestCert.Submit(CR_IN_BASE64 | CR_IN_PKCS10, request, "", "Server\\CA");
jansrus asked:
Mister_N commented:
Line:
cenroll2.addExtensionToRequest(XECR_PKCS10_V2_0 ,"1.1.7.1","test");

This method can't succeed since it has been implemented only in CEnroll4 classes and above.
 CEnroll4 cenroll2 = null;
should solve your problem.
The method is in the class CEnroll4.

Hope this helps.
jansrus (Author) commented:
Thanks Mister N for your comments. Looks like I don't have the CEnroll4 class on my machine. I am running on XP Pro and I believe I installed the latest Platform SDK. Do you know where I can get the CEnroll4 class?
I do have the ICEnroll4 interface though. I tried the following:

    ICEnroll4 cenroll = new CEnrollClass();
But it did not work.
Mister_N commented:
  ICEnroll4 cenroll = new CEnroll();

information about the ICEnroll4
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/icenroll4.asp
Mister_N commented:
BTW

CEnroll() is the class/object
and ICEnroll, ICEnroll2, ICEnroll3, ICEnroll4 are its interfaces.
jansrus (Author) commented:
I am using C# in VStudio 2003 and it looks like ICEnroll, ICEnroll2, ICEnroll3, ICEnroll4 and CEnroll are all interfaces, and CEnroll2Class and CEnrollClass are the only class implementations. In short, I cannot do
ICEnroll4 cenroll = new CEnroll()
but can do
ICEnroll4 cenroll = new CEnrollClass()
but it does not work.
Mister_N commented:
Try:
ICEnroll4 cenroll = new ICEnroll4();
Mister_N commented:
Or this one perhaps:
XENROLLLib.ICEnroll4 certEnroll = new XENROLLLib.CEnroll();

see here for classes details
http://network.programming-in.net/articles/art14-2.asp?Interop=XENROLLLib
jansrus (Author) commented:
Mister N, thanks for all your suggestions. I cannot do any of the above, as you cannot create an instance of an interface.

I was in touch with Microsoft tech support and here is what the support person said:

"From my preliminary research it looks like addextensiontorequest will only add extensions to CMC requests, rather than pkcs10. It seems this is by design from a doc bug I saw, but we will verify this.
I was able to repro the problem with pkcs10 requests. And I was also able to add an extension to a CMC request."

He is yet to get back to me on a complete solution.
jansrus (Author) commented:
Ignore the above comments pls.
If you are using a default Windows policy module, all the OIDs of all the extension fields need to be set on the registry path
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\<Your CA Server>\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy
and the key is EnableRequestExtensionList.

If you are using your own custom policy module, you need to explicitly set the extensions, as in the following VB code:

Private Const PROPTYPE_BINARY As Long = &H3
Private Const EXTENSION_CRITICAL_FLAG As Long = &H1

    Dim strExt As String

    CertServer.SetContext context
    'set up before enumerating
    CertServer.EnumerateExtensionsSetup 0
    'start iterating through the extensions
    strExt = CertServer.EnumerateExtensions()
    Do
        If (strExt = "") Then
            Exit Do
        End If

        'read extn as binary and set extn as binary. But make sure to encode it appropriately from the client which formats the request
        CertServer.SetCertificateExtension strExt, PROPTYPE_BINARY, EXTENSION_CRITICAL_FLAG, CertServer.GetCertificateExtension(strExt, PROPTYPE_BINARY)
        strExt = CertServer.EnumerateExtensions()
    Loop   'loop until all the extensions are examined
    CertServer.EnumerateExtensionsClose

Mister_N commented:
Well, I'm a bit confused...

Did you solve the problem? How can I help you now
with your previous post?
jansrus (Author) commented:
Yes the problem is solved. The last one that I posted is the solution.
Mister_N commented:
okay!
well done then!
modulo commented:
PAQed with points refunded (500)

modulo
Community Support Moderator
