CertOpenStore: Problem opening user certificates on a remote computer

on 16.03.2006 06:18:00 by Roh

I am trying to open certificates on a remote computer using the
CertOpenStore API function. I want to read the certificates held in the
personal store for a particular user. My code works for Win NT, but for
Windows 2000 or higher, the certificate store opens but with no
certificates.

I know there are certificates in the personal certificate store for the
user I am looking at, as MMC shows me them all.

I found that certificates on Windows 2000 or higher get written to
the user's home directory, rather than stored in the registry. But according
to MSDN this shouldn't make a difference.

If I query the personal certificate store of the user on the machine
directly I can see the certificates, but as soon as I try to do it
remotely the store is empty.

Is there a bug that exists when opening stores remotely on Win 2000 and
higher?

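I have included a snippet of my code to open the store remotely:

/* needs <windows.h> and <wincrypt.h>; link with crypt32.lib */
HCERTSTORE hStore = CertOpenStore(
    CERT_STORE_PROV_SYSTEM_A,        /* system store provider, ANSI store name */
    0,                               /* dwEncodingType */
    NULL,                            /* hCryptProv */
    CERT_SYSTEM_STORE_USERS | CERT_STORE_READONLY_FLAG |
    CERT_STORE_OPEN_EXISTING_FLAG,   /* dwFlags */
    "\\\\computerName\\user_SID\\MY" /* pvPara: \\computer\SID\store */
);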


Thanks for your help

Re: CertOpenStore: Problem opening user certificates on a remote computer

on 16.03.2006 07:45:07 by Volker Birk

Roh wrote:
> If I query the personal certificate store of the user on the machine
> directly I can see the certificates, but as soon as I try to do it
> remotely the store is empty.
> Is there a bug that exists when opening stores remotely on Win 2000 and
> higher?
> I have included a snippet of my code to open the store remotely:
> HCERTSTORE hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0,
>     NULL,
>     CERT_SYSTEM_STORE_USERS | CERT_STORE_READONLY_FLAG |
>     CERT_STORE_OPEN_EXISTING_FLAG,
>     "\\\\computerName\\user_SID\\MY");

Did you authorize first?

Yours,
VB.
--
At first there was the word. And the word was Content-type: text/plain

Re: CertOpenStore: Problem opening user certificates on a remote computer

on 19.03.2006 22:49:48 by Roh

Volker,

Yes, the particular user whose personal certificate store I'm trying to
examine is authorized beforehand with a NetUseAdd command, and
this works on WIN NT 4.0.

Or is there some other way that I should be authorizing for Win 2000 or
higher?

Cheers

Re: CertOpenStore: Problem opening user certificates on a remote computer

on 20.03.2006 14:56:08 by Volker Birk

NeonCarnage wrote:
> Yes, the particular user whose personal certificate store I'm trying to
> examine is authorized beforehand with a NetUseAdd command, and
> this works on WIN NT 4.0.
> Or is there some other way that I should be authorizing for Win 2000 or
> higher?

According to:

http://msdn.microsoft.com/library/en-us/seccrypto/security/certopenstore.asp

I see a bug in your call:

| hCryptProv
| [in] This parameter is not used and should be set to NULL.
|
| Windows Server 2003, Windows XP, and Windows 2000: A handle to a
| cryptographic provider. Passing NULL for this parameter causes an
| appropriate, default provider to be used. Using the default
| provider is recommended. The default or specified cryptographic
| provider is used for all store functions that verify the signature
| of a subject certificate or CRL.
|
| This parameter's data type is HCRYPTPROV.

Yours,
VB.

Re: CertOpenStore: Problem opening user certificates on a remote computer

on 30.03.2006 07:18:08 by Roh

Volker,

The third parameter, hCryptProv, is NULL. I have included the function
call again below for you to see.

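/* needs <windows.h> and <wincrypt.h>; link with crypt32.lib */
HCERTSTORE hStore = CertOpenStore(
    CERT_STORE_PROV_SYSTEM_A,        /* system store provider, ANSI store name */
    0,                               /* dwEncodingType */
    NULL,                            /* hCryptProv */
    CERT_SYSTEM_STORE_USERS | CERT_STORE_READONLY_FLAG |
    CERT_STORE_OPEN_EXISTING_FLAG,   /* dwFlags */
    "\\\\computerName\\user_SID\\MY" /* pvPara: \\computer\SID\store */
);

So I don't think this is the problem.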

Any other ideas?

Regards
NC

Re: CertOpenStore: Problem opening user certificates on a remote computer

on 31.03.2006 06:59:44 by Volker Birk

NeonCarnage wrote:
> Any other ideas?

Did you try out the example code at the bottom of page
http://msdn.microsoft.com/seccrypto/security/certopenstore.asp ?

Yours,
VB.