微软的ICEnroll接口中提供了createPKCS10,acceptPKCS7方法来创建证书,安装证书功能。在ICEnroll3接口中提供了InstallPKCS7,可以使用它来安装根证书。
只自动导入根证书。
<%
StringTokenizer st = null;
String line = null;
// ------------------------------------------------------------- 返回CA证书内容 >>>
String server_cert = "开始用openssl生成的根证书内容";
if (StringUtils.isBlank(server_cert)) {
throw new BusinessException("读取CA证书失败");
}
// 这里的这些操作,是为了生成vbscript中证书内容的变量定义
String pkcs7ca = "sPKCS7ca=\"\" & vbcrlf\r\n";
st = new StringTokenizer(server_cert, "\r\n");
while (st.hasMoreTokens()) {
line = st.nextToken();
if (line.equals("\r\n"))
continue;
pkcs7ca += "sPKCS7ca=sPKCS7ca & \"" + line + "\" & vbcrlf\r\n";
}
%>
<OBJECT id=XEnroll codeBase=xenroll.dll classid=clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1></OBJECT>
<SCRIPT type=text/vbscript>
ON ERROR resume next
<%=pkcs7ca%>
XEnroll.InstallPKCS7 sPKCS7ca
If err.number = 438 then
msgbox err.description & err.number
Elseif err.number <> 0 then
msgbox err.description & err.number
Else
msgbox "根证书安装成功"
End If
</SCRIPT>