通过CertEnroll在CA上（1创建证书请求2得到证书3安装证书）

http://www.cnblogs.com/rippleyong/archive/2008/12/15/1355417.html 适用windows server 2008以上

http://www.cnblogs.com/stephenxie/articles/1114804.html

 

 

vc++

BSTR bstrDN = NULL;
BSTR bstrReq = NULL;
BSTR bstrOID = NULL;
ICEnroll4 * pEnroll = NULL;
HRESULT hr;

// initialize COM
hr = CoInitializeEx( NULL, COINIT_APARTMENTTHREADED );
if (FAILED(hr))
{
    printf("Failed CoInitializeEx - %x\n", hr);
    goto error;
}

hr = CoCreateInstance( __uuidof(CEnroll),
       NULL,
       CLSCTX_INPROC_SERVER,
       __uuidof(ICEnroll4),
       (void **)&pEnroll);
if (FAILED(hr))
{
    printf("Failed CoCreateInstance - pEnroll [%x]\n", hr);
    goto error;
}
// generate the DN for the cert request
bstrDN = SysAllocString( TEXT("CN=Your Name")   // common name
      TEXT(",OU=Your Unit")  // org unit
      TEXT(",O=Your Org")    // organization
      TEXT(",L=Your City")   // locality
      TEXT(",S=Your State")  // state
      TEXT(",C=Your Country") );  // country/region
if (NULL == bstrDN)
{
    printf("Memory allocation failed for bstrDN.\n");
    goto error;
}

// generate the OID, for example, "1.3.6.1.4.1.311.2.1.21".
bstrOID = SysAllocString(TEXT("<OIDHERE>"));
if (NULL == bstrOID)
{
    printf("Memory allocation failed for bstrOID.\n");
    goto error;
}

// create the PKCS10
hr = pEnroll->createPKCS10( bstrDN, bstrOID, &bstrReq );
if (FAILED(hr))
{
    printf("Failed createPKCS10 - %x\n", hr);
    goto error;
}
else
// do something with the PKCS10 (bstrReq);

error:

//clean up resources, etc.
if ( bstrDN )
SysFreeString( bstrDN );
if ( bstrOID )
SysFreeString( bstrOID );
if ( bstrReq )
SysFreeString( bstrReq );
if ( pEnroll )
pEnroll->Release();

CoUninitialize();