Reposted from http://blog.csdn.net/adeyi/article/details/8569718
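When building a digital-certificate service on EJBCA, users need to be able to apply for a certificate themselves (certificate signing request) and have it installed automatically into the IE browser (certificate enrollment).
Documentation on this is extremely scarce; fortunately EJBCA ships related examples to refer to, although they are not very complete. Below is a rough summary of what I worked out.
1. Basic approach:
1) Certificate signing request (CSR)
In a public key infrastructure (PKI), a certificate signing request (CSR), also called a certificate request, is a message sent from the requester's browser to the certificate authority to apply for a digital identity certificate. Before creating a CSR, the requester first generates a key pair and keeps the private key secret. The CSR contains information identifying the requester and the public key chosen by the requester. The corresponding private key is not included in the CSR, but it is used to digitally sign the entire request.
On IE under XP and Windows 2003, the CSR is generated with the createPKCS10 method of the XEnroll.dll control.
On IE under Vista, Windows 2008 and Windows 7, the CSR must be generated with X509Enrollment.CX509CertificateRequestPkcs10 from CertEnroll.dll.
2) Automatic installation of the user certificate
To have the user certificate installed automatically in IE, the client browser first submits the CSR to the CA server; the CA server signs the public key carried in the CSR and returns the signed certificate to the client.
On IE under XP and Windows 2003, the acceptPKCS7 method of the XEnroll.dll control installs the certificate into the client browser automatically. The rough steps are: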
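```html
<object id="XEnroll" classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="xenroll.dll"></object>
<script type="text/vbscript">
XEnroll.acceptPKCS7(cert)   ' cert holds the base64 PKCS #7 response from the CA
</script>
```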
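On IE under Vista, Windows 2008 and Windows 7, the InstallResponse method of the CertEnroll.dll control is used instead to install the certificate into the client browser automatically. The rough process is: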
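```html
<object id="CertEnroll" classid="clsid:884e2049-217d-11da-b2a4-000e7bbb2b09" codebase="CertEnroll.dll"></object>
<script type="text/vbscript">
Set objEnroll = CertEnroll.CreateObject("X509Enrollment.CX509Enrollment")
Call objEnroll.Initialize(1)                    ' user context
Call objEnroll.InstallResponse(0, cert, 6, "")  ' cert holds the base64 response from the CA
</script>
```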
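Installing the user certificate this way does not install the root certificate automatically; for one way to install the root certificate automatically, see the article "Automatically installing a root digital certificate in IE".
3) Server-side processing logic
In EJBCA, src\Java\org\ejbca\ui\web\pub\DemoCertReqServlet.java and src\publicweb\publicweb\templates\certInstTemplate.jsp serve as examples for understanding how the server processes the CSR and how its response makes the client install the certificate automatically.
The approach above also works for an OpenSSL-based setup.
2. Test page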
```html
<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=GBK" />
<TITLE>VBScript Certificate Enrollment Control Request example (using XEnroll)</TITLE>
<OBJECT classid="clsid:127698E4-E730-4E5C-A2b1-21490A70C8A1"
        codebase="xenroll.dll"
        id="XEnroll">
</OBJECT>
</HEAD>
<BODY>
<form name="form1" id="form1" action="http://192.168.1.16/ejbca/democertreq" method="post" onsubmit="cert()">
<center>Certificate Enrollment Control Request example<br/><br/>
This page only demonstrates generating the CSR with XEnroll.dll (IE on XP and Windows 2003)<br/>
IE on Vista, Windows 2008 and Windows 7 needs CertEnroll.dll, which is used in a similar way<br/>
<!-- Certificate Profile configured in ejbca -->
<input name="certificateprofile" value="liang" type="hidden">
<!-- End Entity Profile configured in ejbca -->
<input name="entityprofile" value="liang" type="hidden"><br>
<!-- CSR value produced by XEnroll.createPKCS10 -->
<input name="pkcs10req" id="pkcs10req" type="hidden"><br>
<br>
<!-- DemoCertReqServlet requires the user parameter -->
<input name="user" id="user" value="C=CN,O=yeeach.com,OU=yeeach.com,CN=liang" type="hidden">
<!-- The inputs below carry an id as well as a name because the script looks them up with getElementById -->
<table>
<tr>
<td align="right">User DN Common Name (CN):</td><td><input name="canonical_name" id="canonical_name" value="liang" type="text"></td>
</tr>
<tr>
<td align="right">User DN Organization (O):</td><td><input name="organization" id="organization" value="yeeach.com" type="text"></td>
</tr>
<tr>
<td align="right">User DN Organizational Unit (OU):</td><td><input name="organization_unit" id="organization_unit" value="R&D" type="text"></td>
</tr>
<tr>
<td align="right">User DN Country (C):</td><td><input name="country" id="country" value="CN" type="text"></td>
</tr>
<tr>
<td align="right">User password:</td><td><input name="password" value="liang" type="password"></td>
</tr>
<tr>
<td align="right">E-mail:</td><td><input name="email" type="text" value="chuanliang@gmail.com"></td>
</tr>
<tr><td></td><td></td></tr>
<tr><td></td><td></td></tr>
<tr><td align="center" colspan="2"><input value="Request certificate" name="submit" type="submit"></td></tr>
</table>
<input name="includeemail" value="true" type="hidden">
</center>
</form>
<SCRIPT language="VBScript">
<!--
Sub cert
    ' Declare the distinguished name variable.
    Dim strDN
    ' Declare the request variable.
    Dim strReq
    ' Enable error handling.
    On Error Resume Next
    ' Declare consts used by CertRequest object.
    Const CR_IN_BASE64 = &H1
    Const CR_IN_PKCS10 = &H100
    ' Build the DN.
    strDN = "CN=" & document.getElementById("canonical_name").value _
          & ",OU=" & document.getElementById("organization_unit").value _
          & ",O=" & document.getElementById("organization").value _
          & ",C=" & document.getElementById("country").value
    ' Attempt to use the control, in this case, to create a PKCS #10.
    MsgBox("Creating PKCS #10 " & strDN)
    document.getElementById("user").value = strDN
    strReq = XEnroll.createPKCS10(strDN, " ")
    ' If above line failed, Err.Number will not be 0.
    If Err.Number <> 0 Then
        MsgBox("Error in call to createPKCS10 " & Err.Number)
        Err.Clear
        ' Cancel the form submit (VBScript has no "return false").
        window.event.returnValue = False
    Else
        'MsgBox("Submitting request " & strReq)
        document.getElementById("pkcs10req").value = _
            "-----BEGIN NEW CERTIFICATE REQUEST-----" + _
            Chr(13) + _
            strReq + _
            "-----END NEW CERTIFICATE REQUEST-----"
    End If
End Sub
-->
</SCRIPT>
</BODY>
</HTML>
```
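A server-side check on the form the test page above posts, as an added example (not EJBCA's DemoCertReqServlet code and not part of the original post): it accepts the `pkcs10req` field in the form the page builds it (the "NEW CERTIFICATE REQUEST" armor followed by a bare CR), walks the PKCS #10 DER to read the subject, and refuses the request when the separately posted `user` DN disagrees with it. The function names are hypothetical and the sample CSR is constructed with dummy key and signature bytes; the request signature (proof of possession) is not verified here and remains the CA library's job.

```python
import base64
import re

# Attribute-type OIDs (DER content bytes) for the DN parts the test page uses.
ATTR = {bytes.fromhex("550403"): "CN", bytes.fromhex("55040b"): "OU",
        bytes.fromhex("55040a"): "O", bytes.fromhex("550406"): "C"}
# XEnroll-style requests use the "NEW" armor; OpenSSL-style ones do not.
ARMOR = re.compile(r"-----(BEGIN|END) (NEW )?CERTIFICATE REQUEST-----")


def der_read(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV at pos (definite lengths only)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length


def der_children(value):
    """Split the content of a constructed value into (tag, value) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = der_read(value, pos)
        out.append((tag, val))
    return out


def decode_pkcs10_field(field):
    """Strip either armor variant and all CR/LF/space, then base64-decode strictly."""
    body = "".join(ARMOR.sub("", field).split())
    return base64.b64decode(body, validate=True)


def csr_subject(der_bytes):
    """Return the subject of a PKCS #10 request as a list of (type, value) pairs."""
    tag, request, end = der_read(der_bytes, 0)
    if tag != 0x30 or end != len(der_bytes):
        raise ValueError("expected exactly one DER SEQUENCE")
    parts = der_children(request)  # info, signatureAlgorithm, signature
    if [t for t, _ in parts] != [0x30, 0x30, 0x03]:
        raise ValueError("not a PKCS #10 CertificationRequest")
    info = der_children(parts[0][1])  # version, subject, subjectPKInfo, attributes
    if [t for t, _ in info[:3]] != [0x02, 0x30, 0x30]:
        raise ValueError("bad CertificationRequestInfo")
    subject = []
    for _rdn_tag, rdn in der_children(info[1][1]):
        for _atv_tag, atv in der_children(rdn):
            (_oid_tag, oid), (val_tag, val) = der_children(atv)
            # BMPString (0x1E) is UTF-16BE; the other string types used here are ASCII/UTF-8.
            text = val.decode("utf-16-be" if val_tag == 0x1E else "utf-8")
            subject.append((ATTR.get(oid, oid.hex()), text))
    return subject


def parse_dn(text):
    """Parse 'CN=a,OU=b' into pairs. Assumption: no escaped commas in the values."""
    pairs = []
    for part in text.split(","):
        key, _, value = part.partition("=")
        pairs.append((key.strip().upper(), value.strip()))
    return pairs


def check_request(form):
    """Return (True, subject) when the posted user DN matches the CSR subject."""
    try:
        subject = csr_subject(decode_pkcs10_field(form["pkcs10req"]))
    except (ValueError, IndexError) as exc:
        return False, "malformed CSR: %s" % exc
    claimed = parse_dn(form["user"])
    if subject not in (claimed, claimed[::-1]):  # accept either DN display order
        return False, "user DN %r does not match CSR subject %r" % (claimed, subject)
    return True, subject


def der(tag, *content):
    """Encode one DER TLV (used only to build the constructed sample below)."""
    body = b"".join(content)
    n = len(body)
    if n < 0x80:
        head = bytes([n])
    else:
        size = (n.bit_length() + 7) // 8
        head = bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body


def sample_field(dn_pairs):
    """Constructed sample: well-formed PKCS #10 with dummy key and signature bytes."""
    oid_of = {name: oid for oid, name in ATTR.items()}
    rsa = bytes.fromhex("2a864886f70d0101")  # OID prefix 1.2.840.113549.1.1
    name = der(0x30, *[der(0x31, der(0x30, der(0x06, oid_of[k]), der(0x0C, v.encode())))
                       for k, v in dn_pairs])
    spki = der(0x30, der(0x30, der(0x06, rsa + b"\x01"), der(0x05)),
               der(0x03, b"\x00" + b"\x01" * 16))
    info = der(0x30, der(0x02, b"\x00"), name, spki, der(0xA0))
    alg = der(0x30, der(0x06, rsa + b"\x05"), der(0x05))
    csr = der(0x30, info, alg, der(0x03, b"\x00" + b"\x02" * 16))
    b64 = base64.encodebytes(csr).decode().replace("\n", "\r\n")
    return ("-----BEGIN NEW CERTIFICATE REQUEST-----" + "\r" + b64 +
            "-----END NEW CERTIFICATE REQUEST-----")


if __name__ == "__main__":
    dn = [("CN", "liang"), ("OU", "R&D"), ("O", "yeeach.com"), ("C", "CN")]
    field = sample_field(dn)
    print(check_request({"user": "CN=liang,OU=R&D,O=yeeach.com,C=CN", "pkcs10req": field}))
    # The hidden field's default value names a different OU than the DN the script builds.
    print(check_request({"user": "C=CN,O=yeeach.com,OU=yeeach.com,CN=liang", "pkcs10req": field}))
```
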
3. certInstTemplate.jsp
```html
<!-- Header -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>EJBCA Certification Authority</title>
<link rel="stylesheet" href="styles.css" type="text/css" />
<script type="text/javascript" src="scripts/functions.js"></script>
<script type="text/vbscript" src="scripts/functions.vbs"></script>
</head>
<body>
<div class="main">
<div class="content">
<!-- Header -->
<object classid="$CLASSID" id="g_objClassFactory"></object>
<!-- Updated w CertEnroll for Vista
Class ID: {884e2049-217d-11da-b2a4-000e7bbb2b09}
-->
<!-- New updated enrollment activeX-control 2002-09-02 (Q323172)
New Xenroll.dll information:
Class ID: {127698e4-e730-4e5c-a2b1-21490a70c8a1}
sXEnrollVersion="5,131,3659,0"
New Scrdenrl.dll information:
Class ID: {c2bbea20-1f2b-492f-8a06-b1c5ffeace3b}
sScrdEnrlVersion="5,131,3642,0"
-->
<!-- Old Xenroll.dll information:
Class ID: {43F8F289-7A20-11D0-8F06-00C04FC295E1}
Old Scrdenrl.dll information:
Class ID: {80CB7887-20DE-11D2-8D5C-00C04FC29D45}
-->
<script language="VBScript" type="text/vbscript">
cert = "MIICdgYJKoZIhvcNAQcCoIICZzCCAmMCAQExADALBgkqhkiG9w0BBwGgggJLMIIC" & _
       "..." ' placeholder: the remaining base64 lines of the response are not shown in the original post

' This function can be moved to functions.vbs when the header is parsed as jsp
Sub installcertvista
    Dim objEnroll
    Set objEnroll = g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment")
    Call objEnroll.Initialize(1) 'EnrollmentContext UserContext
    err.clear
    On Error Resume Next
    Call objEnroll.InstallResponse(0, cert, 6, "") 'AllowNone, , XCN_CRYPT_STRING_BASE64_ANY, pw
    If err.number = -2146762487 Then ' 0x800b0109 Not trusted root
        r = Msgbox("Could not complete the request since, the CAs' certificates were not properly installed.", , "Certificate Management")
    ElseIf err.number <> 0 Then
        r = Msgbox("The certificate could not be installed", , "Certificate Management")
    Else
        r = Msgbox("A new certificate has been installed", , "Certificate Management")
    End If
End Sub

Sub installcert
    Err.Clear
    On Error Resume Next
    g_objClassFactory.acceptPKCS7(cert)
    If Err.Number <> 0 Then
        r = Msgbox("The certificate could not be installed in this web browser", , "Certificate Management")
    Else
        r = Msgbox("A new certificate has been installed", , "Certificate Management")
    End If
End Sub

' "Windows NT 6" in the user agent means Vista or later, where CertEnroll replaces XEnroll
If InStr(navigator.userAgent, "Windows NT 6") <> 0 Then
    installcertvista
Else
    installcert
End If
</script>
<h1 class="title">Internet Explorer Certificate enrollment.</h1>
<p>If the installation was completed without any errors, your certificate has
been installed in your web browser and you may now start using your certificate.<br />
You can look at your certificate with "<tt>Tools->Internet
Options->Content->Certificates</tt>".</p>
<!-- Footer -->
</div>
</div>
</body>
</html>
<!-- Footer -->
```
Reposted from: http://www.yeeach.com/?p=949

======================================================================
After a few days of experimenting, I arrived at a basic model of how the certificates work:
1) The certificate must be requested and retrieved from the same client (requests made from different clients cannot be retrieved across clients, even on the same computer);
2) An approved string can be retrieved only once; retrieving it again produces an error.
These two points guarantee that "whoever requests a certificate is the one who retrieves it" and that "what has been issued is one-time only: it can produce just one certificate" and cannot be reused.