Hi Deana,
First I have to thank you for your article "Get Expiration Date of this X509v3 Certificate". It really helps me to work with the certificate; it's much easier than using CAPICOM.
In order to get the Thumbprint of the certificate, I tried to use X509Certificate2 (http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.thumbprint(v=vs.110).aspx)
but when I jump to X509Certificate2 in the following command:
X509Certificate2 = ObjectClrNew( 'System.Security.Cryptography.X509Certificates.X509Certificate2' )
I got the Error: 1848: CLR: Type name not found
I do not have any single problem using: (from your script)
X509Certificate = ObjectClrNew( 'System.Security.Cryptography.X509Certificates.X509Certificate' )
What did I do wrong?
FYI I use WinBatch 2013B version.
Thanks Deana for any help.
The class implementation is in a different assembly so
ObjectClrOption("use", "System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089")
X509Certificate2 = ObjectClrNew( 'System.Security.Cryptography.X509Certificates.X509Certificate2' )
Thanks so much TD for your help. It really works.
But after that I have a problem with the next command.
My goal is to translate the following PowerShell script (that works correctly) to a WinBatch script (this one is just a short section of a long script)
=================
PS U:\> $certPrint = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
PS U:\> $certPrint.import('d:\abcd.der')
PS U:\> $certprint.thumbprint
228EEE8099917D29735DF6B0B254AD79866D266E
=================
; with the following WinBatch
ObjectClrOption("use", "System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089")
X509Certi2 = ObjectClrNew( 'System.Security.Cryptography.X509Certificates.X509Certificate2' )
cert2 = X509Certi2.import('d:\abcd.der');
thumb = cert2.Thumbprint
===================
at the command:
cert2 = X509Certi2.import('d:\abcd.der');
I got Error 1258: OLE: Unknown name
But the Import method is legal
(http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.import.aspx)
What did I miss? Is the way I try to get the thumbprint valid with WinBatch?
Thanks again for your help.
I suspect you need to uppercase the I in import. (http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.import.aspx)
cert2 = X509Certi2.Import('...
The WinBatch code would look something like this:
derfile = 'd:\abcd.der'
ObjectClrOption("use", "System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089")
X509Certi2 = ObjectClrNew( 'System.Security.Cryptography.X509Certificates.X509Certificate2' )
If FileExist(derfile)
   X509Certi2.Import(derfile)
   thumb = X509Certi2.Thumbprint
   Pause('Thumbprint', thumb)
Endif
Exit
I really don't know how to thank you Dean.
Your code works perfectly! :)
If instead of extracting the thumbprint from an external cert file, we want to get it from the Active Directory, can we somehow, as for CERTUTIL, provide the path that has the following format:
"ldap:///CN=aaa\, bbb,OU=A1Users,OU=OrangeCounty,OU=AMER,OU=Regions,DC=zzz,DC=xxx,DC=com?usercertificate?base?objectclass=user"
I tried:
X509Certi2.Import('ldap:///CN=aaa\, bbb,OU=A1Users,OU=OrangeCounty,OU=AMER,OU=Regions,DC=zzz,DC=xxx,DC=com?usercertificate?base?objectclass=user')
and
X509Certi2.Import('ldap:///CN=aaa\, bbb,OU=A1Users,OU=OrangeCounty,OU=AMER,OU=Regions,DC=zzz,DC=xxx,DC=com')
in both I got Error 1298: Ole: Error code not recognized
CertUtil does not provide the thumbprint --- at least I could not find it.
Thanks again Deana for your very precious help.
Not sure. Maybe using COM. The code might look something like this:
objUserTemplate = ObjectGet("LDAP://cn=Sample,OU=Management,dc=NA,dc=fabrikam,dc=com") ;!!! MODIFY TO FIT YOUR NEEDS
arrUserCertificates = objUserTemplate.GetEx("userCertificate")
Quote from: hienpham on October 25, 2013, 02:30:38 PM
I really don't know how to thank you Dean.
Your code works perfectly! :)
If instead of extracting the thumbprint from an external cert file, we want to get it from the Active Directory, can we somehow, as for CERTUTIL, provide the path that has the following format:
"ldap:///CN=aaa\, bbb,OU=A1Users,OU=OrangeCounty,OU=AMER,OU=Regions,DC=zzz,DC=xxx,DC=com?usercertificate?base?objectclass=user"
I tried:
X509Certi2.Import('ldap:///CN=aaa\, bbb,OU=A1Users,OU=OrangeCounty,OU=AMER,OU=Regions,DC=zzz,DC=xxx,DC=com?usercertificate?base?objectclass=user')
and
X509Certi2.Import('ldap:///CN=aaa\, bbb,OU=A1Users,OU=OrangeCounty,OU=AMER,OU=Regions,DC=zzz,DC=xxx,DC=com')
in both I got Error 1298: Ole: Error code not recognized
CertUtil does not provide the thumbprint --- at least I could not find it.
Thanks again Deana for your very precious help.
Putting it all together: you get the following
; Get a user certificate using one of our test server VMs.
strUserPath = "LDAP://shamrock/CN=Bob Smith,CN=Users,DC=jclass,DC=org"
; Get the certificate from an AD test user account.
objLdap = GetObject("LDAP:")
; The last argument, 1, is ADS_SECURE_AUTHENTICATION.
objUser = objLdap.OpenDSObject(strUserPath, "shamrock\GuessWho","*TopSecret*", 1)
; Or the following when credentials not required.
;;; objUser = ObjectGet(strUserPath)
aCert = objUser.Get("userCertificate") ; Returns a byte array.
; Get an instance of our Handy-dandy FCL class.
ObjectClrOption("use", "System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089")
objCert2 = ObjectClrNew( 'System.Security.Cryptography.X509Certificates.X509Certificate2' )
; Overloaded method accepts byte array as parameter.
objCert2.Import(aCert)
strThumb = objCert2.Thumbprint
Pause('Certificate Thumbprint', strThumb)
Thanks TD, your script works perfectly well. It's exactly what we need.
I have to learn more about using the ObjectClr set of commands.
Thanks again TD and Deana.
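
Added example in PowerShell, not code from any poster in this thread: the Thumbprint that X509Certificate2 reports is the SHA-1 hash of the certificate's DER bytes, and userCertificate can hold more than one value, so this processes every value and reports its expiry alongside the thumbprint. The function name Get-CertThumbprint and the in-memory sample certificate are assumptions made up for the example.

```powershell
function Get-CertThumbprint {
    # Input: the raw DER byte arrays read from userCertificate, one per value.
    param([Parameter(Mandatory)][byte[][]]$DerValues)

    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    try {
        foreach ($der in $DerValues) {
            # The leading comma passes the byte[] as ONE constructor argument.
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (,$der)
            # Recompute SHA-1 over the DER bytes to compare with .Thumbprint.
            $hex = [System.BitConverter]::ToString($sha1.ComputeHash($cert.RawData)) -replace '-', ''
            [pscustomobject]@{
                Subject         = $cert.Subject
                NotAfter        = $cert.NotAfter
                Expired         = ($cert.NotAfter -lt (Get-Date))
                Thumbprint      = $cert.Thumbprint
                IsSha1OfDerData = ($hex -eq $cert.Thumbprint)
            }
        }
    }
    finally { $sha1.Dispose() }
}

# Constructed sample input: a throwaway self-signed certificate built in memory
# (needs .NET Framework 4.7.2+ or PowerShell 7). Nothing is written to a store.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=constructed-sample', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$now    = [System.DateTimeOffset]::UtcNow
$sample = $req.CreateSelfSigned($now.AddDays(-1), $now.AddDays(30))

# Two values, as a multi-valued attribute would hold (the same cert twice here).
Get-CertThumbprint -DerValues @($sample.RawData, $sample.RawData)

# Against a directory (placeholder DN), the input would instead be:
#   $values = @(([ADSI]'LDAP://<user DN>').Properties['userCertificate'])
```

Because the thumbprint is derived from the encoded bytes, it identifies one exact certificate; a renewed certificate for the same user has a different thumbprint.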