Configuring Enroll.exe
Several details of the enrollment can be configured without modifying the source code of Enroll.exe. These options are specified in the sample configuration file, Enroll.cfg. This file is passed as a command line parameter to Enroll.exe. You can find the configuration file in the %_WINCEROOT%\Public\Common\Sdk\Samples\Enroll directory.
The following table shows the supported options in the configuration file and specifies the default values of Enroll.exe.
Option | Description | Default Value |
---|---|---|
SERVER | Name of the Internet Information Server (IIS) Web server front end to the certificate authority. | No default value. You must provide the server name. |
USERNAME | User requesting the certificate (domain\user). | No default value. You must provide the user name in the domain\userName format. |
PASSWORD | User password. | This is mainly for testing purposes. For security reasons, storing the password is not recommended. |
CERT_STORE | Name of the CryptoAPI system certificate store where the certificate will be saved. | MY |
KEY_CONTAINER_NAME | Name of CryptoAPI key container. | enroll |
KEY_PROVIDER_NAME | Name of cryptographic service provider to use. | Default PROV_RSA_FULL cryptographic service provider type. In most cases this is the Microsoft Enhanced Cryptographic Provider 1.0. |
DW_KEY_SPEC | Type of public key to use. The valid values are 1 and 2. 1: Key Exchange. 2: Signature. | 2 |
DW_FLAGS | Hexadecimal flags passed in to CryptGenKey. You can combine flags using the \| operator. The flags that may be of interest are 0x1 and 0x2. 0x00000001: CRYPT_EXPORTABLE. 0x00000002: CRYPT_USER_PROTECTED. | 0 |
DW_PROV_TYPE | Parameter to CryptAcquireContext specifying the type of cryptographic service provider. The valid values are 1, 2, and 3. 1: PROV_RSA_FULL. 2: PROV_RSA_SIG. 3: PROV_DSS. | 1 |
CERT_TEMPLATE | Specifies the certificate template. This value is used in CertAttrib parameter of the certificate request. For additional information, see Modifying the ASP Page. | ClientAuth |
CERT_CHAIN | Specifies the certificate requested. The valid values are 0 and 1. 0: Retrieve only the requested certificate. 1: Retrieve the certificate and the chain. | 1 |
CERT_ATTRIBS | Additional attributes used in the CertAttrib parameter of the certificate request. The values must be URL encoded. For additional information, see Modifying the ASP Page. | No default value. |
CERT_REQ_PAGE | Page that receives the certificate request. | /certsrv/certfnsh.asp |
CERT_PICKUP_TEMPLATE | Template used to retrieve the issued certificate. The %i represents the request number. | /certsrv/certnew.cer?ReqId=%i&Enc=b64 |
CERT_PICKUP_CHAIN_TEMPLATE | Template used to retrieve the issued certificate chain. The %i represents the request number. | /certsrv/certnew..p7b?ReqId=%i&Enc=b64 |
The following command line causes Enroll.exe to read the configuration values from the configuration file Enroll.cfg:
Enroll -f<path>enroll.cfg
You must specify the correct configuration options, including the name of the certificate server. To use the configuration file, you must have the configuration file on the device.
**Note** When you create an image that includes Enroll.exe, the sample configuration file, Enroll.cfg, is not included in the image by default. You have to add the configuration file to the device by modifying the appropriate bib file.
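The following added example, which is not part of the Enroll sample or its documentation, checks a set of option values against the table above before the file is placed on a device. It assumes the options have already been read into a dictionary, because the file syntax is not described here, and it assumes that combined DW_FLAGS values are written joined with `|`; the function names and sample values are hypothetical.

```python
import re

# Valid values and defaults as listed in the option table above.
KEY_SPECS = {1: "Key Exchange", 2: "Signature"}
PROV_TYPES = {1: "PROV_RSA_FULL", 2: "PROV_RSA_SIG", 3: "PROV_DSS"}
FLAGS = {0x1: "CRYPT_EXPORTABLE", 0x2: "CRYPT_USER_PROTECTED"}
DEFAULTS = {"DW_KEY_SPEC": "2", "DW_FLAGS": "0", "DW_PROV_TYPE": "1", "CERT_CHAIN": "1"}

def decode_flags(text):
    """Return (known flag names, unknown bits) for a hexadecimal DW_FLAGS value.
    Accepts a single value or several joined with '|' (assumed file syntax)."""
    value = 0
    for part in text.split("|"):
        value |= int(part.strip(), 16)
    names = [name for bit, name in FLAGS.items() if value & bit]
    return names, value & ~(0x1 | 0x2)

def audit(options):
    """Return findings for a dict of already-parsed Enroll.cfg options."""
    opts = {**DEFAULTS, **options}
    findings = []
    for required in ("SERVER", "USERNAME"):
        if not opts.get(required):
            findings.append(f"{required}: no default value, must be provided")
    if opts.get("USERNAME") and "\\" not in opts["USERNAME"]:
        findings.append("USERNAME: expected domain\\userName format")
    if opts.get("PASSWORD"):
        findings.append("PASSWORD: stored in the file, intended for testing only")
    names, unknown = decode_flags(opts["DW_FLAGS"])
    if "CRYPT_EXPORTABLE" in names:
        findings.append("DW_FLAGS: CRYPT_EXPORTABLE set, private key can be exported")
    if unknown:
        findings.append(f"DW_FLAGS: bits not described in the table: {unknown:#x}")
    for key, valid in (("DW_KEY_SPEC", KEY_SPECS), ("DW_PROV_TYPE", PROV_TYPES),
                       ("CERT_CHAIN", {0: "", 1: ""})):
        if not opts[key].isdigit() or int(opts[key]) not in valid:
            findings.append(f"{key}: {opts[key]!r} is not one of {sorted(valid)}")
    if re.search(r"\s|%(?![0-9A-Fa-f]{2})", opts.get("CERT_ATTRIBS", "")):
        findings.append("CERT_ATTRIBS: value is not URL encoded")
    for key in ("CERT_PICKUP_TEMPLATE", "CERT_PICKUP_CHAIN_TEMPLATE"):
        if key in opts and "%i" not in opts[key]:
            findings.append(f"{key}: missing %i placeholder for the request number")
    return findings

# Constructed sample values, not taken from a real deployment.
SAMPLE = {"SERVER": "ca.example.test", "USERNAME": "alice", "PASSWORD": "x",
          "DW_FLAGS": "0x1|0x2", "DW_KEY_SPEC": "3", "CERT_ATTRIBS": "a=b c"}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```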
See Also
Enrolling for a Certificate | Modifying the ASP Page
Last updated on Wednesday, April 13, 2005
© 2005 Microsoft Corporation. All rights reserved.