Configuring Enroll.exe

Several details of the enrollment can be configured without modifying the source code of Enroll.exe. These options are specified in the sample configuration file, Enroll.cfg. This file is passed as a command line parameter to Enroll.exe. You can find the configuration file in the %_WINCEROOT%\Public\Common\Sdk\Samples\Enroll directory.

The following table shows the supported options in the configuration file and specifies the default values of Enroll.exe.

| Option | Description | Default Value |
|---|---|---|
| SERVER | Name of the Internet Information Server (IIS) Web server front end to the certificate authority. | No default value. You must provide the server name. |
| USERNAME | User requesting the certificate (domain\user). | No default value. You must provide the user name in the domain\userName format. |
| PASSWORD | User password. This is mainly for testing purposes. For security reasons, storing the password is not recommended. | |
| CERT_STORE | Name of the CryptoAPI system certificate store where the certificate will be saved. | MY |
| KEY_CONTAINER_NAME | Name of CryptoAPI key container. | enroll |
| KEY_PROVIDER_NAME | Name of cryptographic service provider to use. | Default PROV_RSA_FULL cryptographic service provider type. In most cases this is the Microsoft Enhanced Cryptographic Provider 1.0. |
| DW_KEY_SPEC | Type of public key to use. The valid values are 1 and 2. 1: Key Exchange; 2: Signature. | 2 |
| DW_FLAGS | Hexadecimal flags passed in to CryptGenKey. You can combine flags using the \| operator. The flags that may be of interest are 0x1 and 0x2. 0x00000001: CRYPT_EXPORTABLE; 0x00000002: CRYPT_USER_PROTECTED. | 0 |
| DW_PROV_TYPE | Parameter to CryptAcquireContext specifying the type of cryptographic service provider. The valid values are 1, 2, and 3. 1: PROV_RSA_FULL; 2: PROV_RSA_SIG; 3: PROV_DSS. | 1 |
| CERT_TEMPLATE | Specifies the certificate template. This value is used in the CertAttrib parameter of the certificate request. For additional information, see Modifying the ASP Page. | ClientAuth |
| CERT_CHAIN | Specifies the certificate requested. The valid values are 0 and 1. 0: Retrieve only the requested certificate; 1: Retrieve the certificate and the chain. | 1 |
| CERT_ATTRIBS | Additional attributes used in the CertAttrib parameter of the certificate request. The values must be URL encoded. For additional information, see Modifying the ASP Page. | No default value. |
| CERT_REQ_PAGE | Page that receives the certificate request. | /certsrv/certfnsh.asp |
| CERT_PICKUP_TEMPLATE | Template used to retrieve the issued certificate. The %i represents the request number. | /certsrv/certnew.cer?ReqId=%i&Enc=b64 |
| CERT_PICKUP_CHAIN_TEMPLATE | Template used to retrieve the issued certificate chain. The %i represents the request number. | /certsrv/certnew..p7b?ReqId=%i&Enc=b64 |

The following command line causes Enroll.exe to read the configuration values from the configuration file Enroll.cfg:

Enroll -f<path>enroll.cfg

You must specify the correct configuration options, including the name of the certificate server. To use the configuration file, you must have the configuration file on the device.

**Note** When you create an image that includes Enroll.exe, the sample configuration file, Enroll.cfg, is not included in the image by default. You have to add the configuration file to the device by modifying the appropriate bib file.
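Before the configuration file is added to a device image, its values can be checked against the table above. The following is an added example, not part of the Enroll sample or of Microsoft's code: it assumes the options have already been read into a dictionary of strings (the file syntax is not shown on this page), and the names `audit`, `parse_flags` and `SAMPLE` are hypothetical.

```python
import re

# Defaults and valid values copied from the option table on this page.
DEFAULTS = {"CERT_STORE": "MY", "KEY_CONTAINER_NAME": "enroll", "DW_KEY_SPEC": "2",
            "DW_FLAGS": "0", "DW_PROV_TYPE": "1", "CERT_TEMPLATE": "ClientAuth",
            "CERT_CHAIN": "1", "CERT_REQ_PAGE": "/certsrv/certfnsh.asp",
            "CERT_PICKUP_TEMPLATE": "/certsrv/certnew.cer?ReqId=%i&Enc=b64"}
VALID = {"DW_KEY_SPEC": {1, 2}, "DW_PROV_TYPE": {1, 2, 3}, "CERT_CHAIN": {0, 1}}
CRYPT_EXPORTABLE = 0x00000001
URL_ENCODED = re.compile(r"(?:[A-Za-z0-9._~&=+-]|%[0-9A-Fa-f]{2})*")

def parse_flags(text):
    """Evaluate a DW_FLAGS value such as '0x1|0x2' into an integer."""
    value = 0
    for part in text.split("|"):
        value |= int(part.strip(), 16)   # raises ValueError on non-hex input
    return value

def audit(options):
    """Return (effective settings, findings) for a dict of option values."""
    cfg = {**DEFAULTS, **options}
    findings = []
    for name in ("SERVER", "USERNAME"):
        if not cfg.get(name):
            findings.append(f"{name}: no default value, must be provided")
    user = cfg.get("USERNAME")
    if user and not re.fullmatch(r"[^\\]+\\[^\\]+", user):
        findings.append("USERNAME: expected domain\\userName format")
    if cfg.get("PASSWORD"):
        findings.append("PASSWORD: stored in the file, not recommended")
    for name, allowed in VALID.items():
        if not cfg[name].isdigit() or int(cfg[name]) not in allowed:
            findings.append(f"{name}: {cfg[name]!r} not in {sorted(allowed)}")
    try:
        if parse_flags(cfg["DW_FLAGS"]) & CRYPT_EXPORTABLE:
            findings.append("DW_FLAGS: CRYPT_EXPORTABLE set, key can be exported")
    except ValueError:
        findings.append("DW_FLAGS: not a hexadecimal flag expression")
    if not URL_ENCODED.fullmatch(cfg.get("CERT_ATTRIBS", "")):
        findings.append("CERT_ATTRIBS: value must be URL encoded")
    if "%i" not in cfg["CERT_PICKUP_TEMPLATE"]:
        findings.append("CERT_PICKUP_TEMPLATE: missing %i request number")
    return cfg, findings

# Constructed sample values, not taken from a real deployment.
SAMPLE = {"SERVER": "ca.example.test", "USERNAME": "labuser", "PASSWORD": "x",
          "DW_KEY_SPEC": "3", "DW_FLAGS": "0x1|0x2", "CERT_ATTRIBS": "a b"}

if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```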

See Also

Enrolling for a Certificate | Modifying the ASP Page

Last updated on Wednesday, April 13, 2005

© 2005 Microsoft Corporation. All rights reserved.