问题
I am using the following code to import a certificate as a trusted root:
#include "stdafx.h"
#include "windows.h"
#include "Cryptuiapi.h"
#pragma comment(lib, "Cryptui.lib")
int _tmain(int argc, _TCHAR* argv[]){
CRYPTUI_WIZ_IMPORT_SRC_INFO importSrc;
memset(&importSrc, 0, sizeof(CRYPTUI_WIZ_IMPORT_SRC_INFO));
importSrc.dwSize = sizeof(CRYPTUI_WIZ_IMPORT_SRC_INFO);
importSrc.dwSubjectChoice = CRYPTUI_WIZ_IMPORT_SUBJECT_FILE;
importSrc.pwszFileName = L“C:\\PathToCert\\MyCertificate.cer”;
importSrc.pwszPassword = L"";
importSrc.dwFlags = CRYPT_EXPORTABLE | CRYPT_USER_PROTECTED;
if (CryptUIWizImport(
CRYPTUI_WIZ_NO_UI,
NULL,
NULL,
&importSrc,
NULL
) == 0)
{
printf(“CryptUIWizImport error 0x%x\n”, GetLastError());
}
return 0;
}
However, this approach imports my certificate as a Intermediate Certificate Authorities while I need to import it as a Trusted Root Certificate Authorities. I do not want to use any wizard approach and I can not change my certificate.
Is it possible to import this certificate as a trusted root?
Is there any property in CryptUIWizImport to set the certificate type as the trusted root?
Thanks in advances
回答1:
We should execute a batch file command from inside the C++ code:
#include "stdafx.h";
#include "windows.h"
#include "Cryptuiapi.h"
#include <iostream>
#include <string>
using namespace std;
#pragma comment(lib,"Cryptui.lib")
int _tmain(int argc, _TCHAR* argv[])
{
char buffer[MAX_PATH];
GetModuleFileNameA(NULL, buffer, MAX_PATH);
string::size_type pos = string(buffer).find_last_of("\\/");
string myPath = string(buffer).substr(0,pos);
string myCommand = "certutil -addstore -f -enterprise -user root \""+myPath+"\\IRIPO CA.cer\"";
system(myCommand.c_str());
return 0;
}
Note that the certificate file should be put next to the exe file.
来源:https://stackoverflow.com/questions/36673163/import-a-certificate-using-cryptuiwizimport-automatically-as-a-trusted-root-with