Enumeration of values for CertOpenStore() pvPara parameter

Posted on 2012-08-29
Last Modified: 2012-08-30
I need to programmatically add some CA certificates and CRLs to two different local computer certificate stores.

Adding certificates is simple:

If the certificate is self-signed, then we add it to Third-party Root Certification Authorities.  Otherwise, add it to Intermediate Certification Authorities.

This is easily done with .NET because the certificate stores are enumerated:

// Try/catch blocks removed for readability
// Requires: using System.Security.Cryptography.X509Certificates;
// x509Certificate2 is the X509Certificate2 being installed (loaded elsewhere).

string storeType = string.Empty;
string subject = string.Empty;
string issuer = string.Empty;

X509Store rootStore = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine);
rootStore.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
X509Certificate2Collection rootCollection = new X509Certificate2Collection();

X509Store intermediateStore = new X509Store(StoreName.CertificateAuthority, StoreLocation.LocalMachine);
intermediateStore.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
X509Certificate2Collection intermediateCollection = new X509Certificate2Collection();

issuer = x509Certificate2.Issuer;
subject = x509Certificate2.Subject;

// Try to put self-signed certs in the Third Party Root Certification 
// Authorities store and all others in the Intermediate Certification Authorities
// store.
// Note: this compares names only; it does not verify the certificate's signature.
if (issuer == subject)
    storeType = "Third Party Root Certification Authorities";
else
    storeType = "Intermediate Certification Authorities";


Adding CRLs is not as easy, as there is no .NET class for X.509 CRLs.  We must revert to the Win32 CertOpenStore() function via PInvoke.

IntPtr hLocalCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, IntPtr.Zero, CERT_SYSTEM_STORE_LOCAL_MACHINE, storeName);

In scouring the Internet for the last parameter of CertOpenStore, there appears to be only one clue to the enumeration of certificate store names in Win32:

 // Other common system stores include "Root", "Trust", and "Ca".

"Root" maps to "Trusted Root Certification Authorities".  "CA" seems to map to "Intermediate Certification Authorities".  The question is, what is the correct system Win32 store name for "Third-Party Root Certification Authorities"?
Question by:cgi-bin
    LVL 24

    Accepted Solution

    I'd have a look at this example (in C) which enumerates stores:

    there are other samples around there which might be helpful

    Author Closing Comment

    That's exactly what I needed.  Thanks very much!
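
The enumeration approach the accepted solution points to, as an added C# example (not code from the thread or from the linked sample): it lists the local-machine system store names with CertEnumSystemStore and opens a store only if its name was actually enumerated. The class name and the candidate name "AuthRoot" (the name behind .NET's StoreName.AuthRoot) are assumptions of this example.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Runtime.InteropServices;

static class SystemStoreNames   // hypothetical class name for this example
{
    const uint CERT_SYSTEM_STORE_LOCAL_MACHINE = 0x00020000;
    const uint CERT_STORE_OPEN_EXISTING_FLAG = 0x00004000;
    const uint CERT_STORE_READONLY_FLAG = 0x00008000;
    static readonly IntPtr CERT_STORE_PROV_SYSTEM = new IntPtr(10); // CERT_STORE_PROV_SYSTEM_W

    // PFN_CERT_ENUM_SYSTEM_STORE: pvSystemStore points to a Unicode store name.
    delegate bool EnumStoreCallback(IntPtr pvSystemStore, uint dwFlags,
        IntPtr pStoreInfo, IntPtr pvReserved, IntPtr pvArg);

    [DllImport("crypt32.dll", SetLastError = true)]
    static extern bool CertEnumSystemStore(uint dwFlags, IntPtr pvSystemStoreLocationPara,
        IntPtr pvArg, EnumStoreCallback pfnEnum);

    [DllImport("crypt32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern IntPtr CertOpenStore(IntPtr lpszStoreProvider, uint dwEncodingType,
        IntPtr hCryptProv, uint dwFlags, string pvPara);

    [DllImport("crypt32.dll", SetLastError = true)]
    static extern bool CertCloseStore(IntPtr hCertStore, uint dwFlags);

    static void Main()
    {
        var names = new List<string>();
        EnumStoreCallback collect = (store, flags, info, reserved, arg) =>
        {
            names.Add(Marshal.PtrToStringUni(store));
            return true; // continue enumerating
        };
        if (!CertEnumSystemStore(CERT_SYSTEM_STORE_LOCAL_MACHINE, IntPtr.Zero, IntPtr.Zero, collect))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        names.ForEach(Console.WriteLine);

        string wanted = "AuthRoot"; // assumed candidate; confirm it against the list printed above
        if (!names.Exists(n => string.Equals(n, wanted, StringComparison.OrdinalIgnoreCase)))
            throw new InvalidOperationException("No local-machine system store named " + wanted);

        // OPEN_EXISTING makes a mistyped name fail instead of silently creating a new store.
        IntPtr hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, IntPtr.Zero,
            CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG, wanted);
        if (hStore == IntPtr.Zero) throw new Win32Exception(Marshal.GetLastWin32Error());
        Console.WriteLine("Opened " + wanted + " read-only");
        CertCloseStore(hStore, 0);
    }
}
```

Writing CRLs to the store requires opening it without CERT_STORE_READONLY_FLAG from an elevated process.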
