c# - How do I use MS-XCEP and MS-WSTEP in .NET or JavaScript to get a certificate from AD CS? - Stack Overflow

Active Directory Certificate Services offers a web service that implements MS-XCEP and MS-WSTEP for non-domain connected computers to submit a certificate request.

This certificate can be used for digital signatures, encryption, and more.

Is there a WSDL I can use to interact with these web services? How should I interact with them in C# or Javascript?

asked Feb 28, 2015 at 20:12 by makerofthings7 (edited Jun 25, 2018 at 12:43 by user7637745)
  • 3 Each protocol specification you referenced ([MS-XCEP] and [MS-WSTEP]) has an appendix with full WSDL: msdn.microsoft.com/en-us/library/dd304853.aspx and msdn.microsoft.com/en-us/library/dd357987.aspx. Isn't this sufficient? – Crypt32 Commented Dec 8, 2015 at 20:30
  • While WSDL is provided by @Crypt32, logically you'd need to: 1. Create PKCS10 CSR 2. Package that as PKCS7 encrypting this as an address to the RA certificate 3. Use webservice to submit the package 4. Retrieve and validate the result – zaitsman Commented Nov 15, 2017 at 3:12

1 Answer


WCF provides configuration options for a variety of web service connections. From past experience, I required a WSDL from the client I was connecting to - this generated the function call stubs. I then had to "describe" the communication mechanism through the web.config. At runtime, WCF will automatically generate the envelope for you.

Using WCF's message tracing you will be able to see the envelopes - this will allow you to verify if the message structure is close to the examples provided in the MS documentation. You may have to "inject" into the envelope construction process to provide custom attributes, but if this is a standard AD implementation these modifications would not be required.

If you're still failing to receive meaningful output from the connection after that, reach out to the AD admin team, as they may know clients who have successfully connected and/or the meaning of obscure error messages you're receiving.

No idea on Javascript, I think it would be a lot of work to manually construct the envelope and handle the output coming back - MS already provides a wealth of support for the complex data structures required.
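
For comparison with what WCF message tracing shows, here is an added example (not part of the original answer, and not Microsoft's code) that creates a PKCS#10 request and builds the MS-WSTEP RequestSecurityToken envelope by hand. It assumes the CA accepts a bare PKCS#10 rather than the PKCS#7 packaging mentioned in the comments, leaves out certificate template selection and transport authentication, and uses a placeholder subject and service URL. The namespace and action URIs are written as recalled from [MS-WSTEP] and should be checked against the WSDL in the spec appendix.

```csharp
// Added example: PKCS#10 CSR wrapped in an MS-WSTEP RequestSecurityToken envelope.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Xml.Linq;

static class WstepRequestBuilder
{
    // URIs as recalled from [MS-WSTEP]; confirm against the WSDL in the spec appendix.
    static readonly XNamespace S = "http://www.w3.org/2003/05/soap-envelope";
    static readonly XNamespace A = "http://www.w3.org/2005/08/addressing";
    static readonly XNamespace Wst = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    static readonly XNamespace Wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    const string Action = "http://schemas.microsoft.com/windows/pki/2009/01/enrollment/RST/wstep";
    const string X509v3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
    const string Pkcs10 = "http://schemas.microsoft.com/windows/pki/2009/01/enrollment#PKCS10";
    const string Base64 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#base64binary";

    // Create the PKCS#10 CSR; the private key never leaves 'key'.
    public static byte[] CreateCsr(RSA key, string subject) =>
        new CertificateRequest(subject, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
            .CreateSigningRequest();

    // Build the SOAP 1.2 envelope that would be POSTed to the enrollment service.
    public static XDocument BuildEnvelope(byte[] csr, Uri serviceUrl) =>
        new XDocument(
            new XElement(S + "Envelope",
                new XAttribute(XNamespace.Xmlns + "s", S), new XAttribute(XNamespace.Xmlns + "a", A),
                new XElement(S + "Header",
                    new XElement(A + "Action", new XAttribute(S + "mustUnderstand", "1"), Action),
                    new XElement(A + "MessageID", "urn:uuid:" + Guid.NewGuid()),
                    new XElement(A + "To", new XAttribute(S + "mustUnderstand", "1"), serviceUrl.AbsoluteUri)),
                new XElement(S + "Body",
                    new XElement(Wst + "RequestSecurityToken",
                        new XElement(Wst + "TokenType", X509v3),
                        new XElement(Wst + "RequestType", Wst.NamespaceName + "/Issue"),
                        new XElement(Wsse + "BinarySecurityToken",
                            new XAttribute("ValueType", Pkcs10), new XAttribute("EncodingType", Base64),
                            Convert.ToBase64String(csr))))));

    static void Main()
    {
        using var key = RSA.Create(2048);
        // Constructed sample values: the subject name and service URL are placeholders.
        byte[] csr = CreateCsr(key, "CN=workstation01.example.test");
        var url = new Uri("https://ca.example.test/placeholder/service.svc");
        Console.WriteLine(BuildEnvelope(csr, url));
    }
}
```

The printed envelope can be diffed against the one captured by WCF message tracing. If traces are kept, note that they contain the full certificate request and any credentials carried in the message headers.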
