Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

working with x509 certificates

working with x509 certificates

working with x509 certificates

I have a VBScript which retrieves user records from Active Directory. Some of these users have x509 digital certificates in their records (userCertificate attribute). I am trying to decode this attribute in my VBScript to provide meaningful information, such as IssueDate, ExpiryDate, IssuingCA, etc....
Most references I can find are old and refer to a CAPICOM library. Microsoft has now deprecated this library, in favor of .NET - no surprise. I cannot find any examples of VBS which use the X509Certificate(2) class.
Any suggestions are appreciated.

RE: working with x509 certificates

Progress. I am into the world of using a COM object within VBscript. Below is a snippet of my vbs code. The line that calls the Import method errors out with "Run-time error '5': Invalid procedure call or argument". While debugging, I have confirmed that my byte array (ba) does contain the correct 1098 bytes (my certificate). Due to my lack of experience with using COM objects, I'm sure my issue lies there. I am grateful for any suggestions.

CODE --> vbscript

Dim ba() As Byte
Dim cert
Set cert = CreateObject("System.Security.Cryptography.X509Certificates.X509Certificate")
cert.Import ba

RE: working with x509 certificates

> Due to my lack of experience with using COM objects

Trouble is you are actually using .net ...

RE: working with x509 certificates

Hi, and thanks for the note, but I don't fully understand your comment.
My past VBscript needs have never required using external functionality. With this current project, I found examples of using the Set var = CreateObject("...") code, and those examples referred to this as "using a COM object". If I should have said "using .Net", than that is what I meant. smile

At this point, I really think I could be close to a solution, I just don't know how to correctly use this class (System.Security.Cryptography.X509Certificates.X509Certificate) and cannot find any examples of VBscript that do use it.


RE: working with x509 certificates

Well I don't use COM either. After doing some quick searches it appears you may/would need to use PowerShell instead of vbscript.

Maybe these sites can better help you:



Good luck

After pondering the riddle (for many years I might add) I finally got the answer (inadvertently through a movie): "If a tree falls in the forest and no one is around, does it make a sound?"

RE: working with x509 certificates

Hey, thanks for the tips. The first link is for an ActiveX object called Chilcat Cert. Unfortunately, I need my solution to work in a large organization (thousands of workstations), and it is not an option to install additional elements. My solution needs to run in vanilla vbscript.

The second link you provided is giving me food for thought however. It uses PowerShell, which is not an option for me to use (see reason above), but there are some tips on this page about using the native .Net class.

Cheers, and thanks again.

RE: working with x509 certificates

To clarify my earlier comment.

You are using COM - but it is .NET that you are actually calling; a certain number of .NET assemblies provide a COM interface. But that COM interface is slightly unusual because what you are fundamentally calling is .NET code

In particular, .NET has overloaded functions/methods (functions with the same name that do different things based on exactly what parameters are passed to it). COM, on the other hand, does not support function overloading, which means you only get direct access to the default .NET function with that name (the technical explanation is that the IDispatch interface - COM - relies solely on method name for binding, rather than the complete method signature as used by .NET)

In this case, the default function called import is not the one that takes a raw byte array as a parameter, hence you code fails with the error that you have reported.

Now, whilst there are ways of using those overloaded, non-default .NET functions they further rely on the method taking parameter types that VBScript speaks (or being so configured to translate to the correct type if necessary).

As yet I have not been able to trick the Import method into working with either a byte array nor a string. I think you may be out of luck with this approach. Frankly it is rather unfortunate that MS dropped support for CAPICOM without replacing it with something that can be scripted relatively easily; maybe they were concerned about security.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close