none
Wrap default enterprise CA policy module

    Question

  • I am creating a custom policy module using c# for an Enterprise CA.  I would like my custom policy module to wrap the default policy module relieving me from the requirement to implement all of the default policy module functionality in my custom policy module.  The following is my first attempt to implement this in my VerifyRequest method:

    public int VerifyRequest(

        string strConfig,

        int Context,

        int bNewRequest,

        int Flags)

    {

    CCertPolicy policy = new CCertPolicy();

    policy.Initialize(strConfig);

    int retval = policy.VerifyRequest(strConfig, Context, bNewRequest, Flags);

    // Implement my custom code here to do what I want

    return retval;

    }

    All requests processed by the above code are going into the "Pending Requests" bucket requiring manual approval.  This is against how the template is configured implying that my attempt to wrap the default policy module is not working correctly.

    Is what I am trying to do even possible?

    If so, what about my code needs to change to appropriately wrap the Enterprise default policy module?

    Do I need to manually alter strConfig to indicate that the request needs to be handled like an Enterprise default policy module?

    Thanks for your help!

    Ken


    • Edited by kennj Tuesday, September 10, 2013 8:11 PM
    Tuesday, September 10, 2013 7:36 PM

All replies

  • Hi,

    Thank you for your question.

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Thank you for your understanding and support.


    Vivian Wang
    TechNet Community Support

    Thursday, September 12, 2013 3:28 AM
  • HI,

    thanks for posting here. Please take a look at following article.

    http://msdn.microsoft.com/en-us/library/windows/desktop/aa388216(v=vs.85).aspx


    Best regards, Jason Mei Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Monday, September 16, 2013 2:27 AM
  • Yep, I saw that before.  Particularly troubling was the following statement:

        An enterprise certification authority (CA) should use only the Microsoft-provided enterprise policy module

    This is why I thought if I could wrap the default policy module with my custom policy module, I could make sure my policy module implements all of the "default" behavior.  There is no way I would attempt to re-create all of that functionality.

    Tuesday, September 17, 2013 8:09 PM
  • HI,

    To such  issue, it is not an efficient way to work in this community since we may need more resources,  I’d like to suggest that you submit a service request to MS Professional tech support service so that a dedicated Support Professional can further assist with this request.

    Please visit the below link to see the various paid support options that are available to better meet your needs. http://support.microsoft.com/default.aspx?id=fh;en-us;offerprophone 


    Best regards, Jason Mei Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Wednesday, September 18, 2013 9:45 AM