[python-win32] win32crypt.PFXImportCertStore()
Steven Manross
steven at manross.net
Wed Sep 25 00:33:17 EDT 2024
Note to self…. Don’t give up 😊 I found some c++ code and adapted it.
https://www.sysadmins.lv/retired-msft-blogs/alejacma/how-to-import-a-certificate-without-user-interaction-cpp-csharp.aspx
This is left here in case anyone else is looking to do what I was trying to.
# brief outline new code
import ctypes

# The constants and the CRYPTUI_WIZ_IMPORT_SRC_INFO structure are not shown in this
# outline; they have to be defined from wincrypt.h and cryptuiapi.h
crypt32 = ctypes.WinDLL('Crypt32.dll')
cryptui = ctypes.WinDLL('CryptUI.dll')
# return the store handle as a pointer-sized value so it is not truncated on 64-bit Python
crypt32.CertOpenStore.restype = ctypes.c_void_p

def import_pfx():
    # Open the cert store you want to import to... in my case "local_machine\My"
    hMyCertStore = crypt32.CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, None, CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_STORE_MAXIMUM_ALLOWED_FLAG, "My")
    if not hMyCertStore:
        print("Error: CertOpenStore(MY) failed")
        return False

    # create the necessary information for the import_src struct
    dwImportFlags = CRYPT_MACHINE_KEYSET | CRYPT_EXPORTABLE
    import_src = CRYPTUI_WIZ_IMPORT_SRC_INFO()
    import_src.dwSize = ctypes.sizeof(CRYPTUI_WIZ_IMPORT_SRC_INFO)
    import_src.dwSubjectChoice = CRYPTUI_WIZ_IMPORT_SUBJECT_FILE
    import_src.pwszFileName = "c:\\certs\\my.pfx"
    import_src.pwszPassword = "supersecretpassword"
    import_src.dwFlags = dwImportFlags

    # Call the CryptUIWizImport API
    result = cryptui.CryptUIWizImport(
        CRYPTUI_WIZ_NO_UI,
        None,
        None,
        ctypes.byref(import_src),
        ctypes.c_void_p(hMyCertStore)  # define the cert store you want to import to
    )

    # check for errors and then return true on success
    if not result:
        print("Error: CryptUIWizImport failed")
        return False
    return True
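
A fuller version of the outline above, as an added example that is not part of the original post or of pywin32: it spells out the structure and constants the outline leaves undefined (values from wincrypt.h and cryptuiapi.h), and the names `build_import_src` and `import_pfx(pfx_path, password, exportable)` are this example's own. It marks the private key exportable only on request and takes the password as an argument rather than a literal in the script.

```python
import ctypes
from ctypes import c_uint32 as DWORD, c_void_p as PVOID, c_wchar_p as LPCWSTR

# Constants from wincrypt.h / cryptuiapi.h
CERT_STORE_PROV_SYSTEM_W = 10
CERT_SYSTEM_STORE_LOCAL_MACHINE = 0x00020000
CERT_STORE_MAXIMUM_ALLOWED_FLAG = 0x00001000
CRYPT_EXPORTABLE = 0x00000001
CRYPT_MACHINE_KEYSET = 0x00000020
CRYPTUI_WIZ_NO_UI = 0x0001
CRYPTUI_WIZ_IMPORT_SUBJECT_FILE = 1

class CRYPTUI_WIZ_IMPORT_SRC_INFO(ctypes.Structure):
    # pwszFileName is one member of a C union of pointers; only the file case is modelled.
    _fields_ = [("dwSize", DWORD), ("dwSubjectChoice", DWORD),
                ("pwszFileName", LPCWSTR), ("dwFlags", DWORD),
                ("pwszPassword", LPCWSTR)]

def build_import_src(pfx_path, password, exportable=False):
    """Fill the import structure; the key stays non-exportable unless requested."""
    src = CRYPTUI_WIZ_IMPORT_SRC_INFO()
    src.dwSize = ctypes.sizeof(src)
    src.dwSubjectChoice = CRYPTUI_WIZ_IMPORT_SUBJECT_FILE
    src.pwszFileName = pfx_path
    src.pwszPassword = password
    src.dwFlags = CRYPT_MACHINE_KEYSET | (CRYPT_EXPORTABLE if exportable else 0)
    return src

def import_pfx(pfx_path, password, exportable=False):
    """Import into LocalMachine\\My. Windows only; needs an elevated process."""
    crypt32 = ctypes.WinDLL("crypt32.dll", use_last_error=True)
    cryptui = ctypes.WinDLL("cryptui.dll", use_last_error=True)
    # Declare pointer-sized types so 64-bit store handles are not truncated.
    crypt32.CertOpenStore.restype = PVOID
    crypt32.CertOpenStore.argtypes = [PVOID, DWORD, PVOID, DWORD, LPCWSTR]
    crypt32.CertCloseStore.argtypes = [PVOID, DWORD]
    cryptui.CryptUIWizImport.argtypes = [DWORD, PVOID, LPCWSTR, PVOID, PVOID]
    store = crypt32.CertOpenStore(
        CERT_STORE_PROV_SYSTEM_W, 0, None,
        CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_STORE_MAXIMUM_ALLOWED_FLAG, "My")
    if not store:
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        src = build_import_src(pfx_path, password, exportable)
        if not cryptui.CryptUIWizImport(CRYPTUI_WIZ_NO_UI, None, None,
                                        ctypes.byref(src), store):
            raise ctypes.WinError(ctypes.get_last_error())
    finally:
        crypt32.CertCloseStore(store, 0)
    return True
```

Call `import_pfx` with a password read at run time, for example from `getpass.getpass()`, so it never sits in the script or its version history.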
From: Steven Manross <steven at manross.net>
Sent: Monday, September 23, 2024 10:24 PM
To: Steven Manross <steven at manross.net>; python-win32 at python.org
Subject: RE: win32crypt.PFXImportCertStore()
Although I would still like to understand what I’m doing wrong in win32crypt, this seems to get me by for now…. 😊 ☹
certutil -f -p "pfxtpassword" -importpfx "c:\scripts\certs\pfxname.pfx"
# imports the PFX to the local machine "Personal" certificates store
HTH someone else
Steven
From: python-win32 <python-win32-bounces+steven=manross.net at python.org> On Behalf Of Steven Manross
Sent: Sunday, September 22, 2024 1:14 PM
To: python-win32 at python.org
Subject: [python-win32] win32crypt.PFXImportCertStore()
Howdy,
I am trying to import a PFX/P12 certificate to the local machine certificate store and there are no errors, but it also doesn’t seem to work either.
I’ve left a bit of debugging code in the script to show all the things I’ve tried, but again there are no errors, and it generates the PyStore object like the docs say it will and I enumerate the certificates in the store with a for loop, BUT it doesn’t seem to add the PFX to the store (or at least I can’t see it in the Certificates MMC app for the local machine).
I can manually import the PFX by using the CryptoAPI “Install PFX” option from the windows explorer shell just fine, but the win32crypt.PFXImportCertStore() call doesn’t error, but it also enumerates the machine store certs without the “newly added” PFX.
# this is output from the script in the for loop at the bottom from the attached python script – these 2 certificates existed prior to the PFX trying to get imported
1 Cert: <PyCERT_CONTEXT object at 0x000001D0103736B0>
2 CertEnumCertificateContextProperties returned: []
3 cert.Subject: w22test001.manross.net
4 cert Serial Number: redacted
5 Issuer: redacted
6 NotBefore: redacted
7 NotAfter: redacted
1 Cert: <PyCERT_CONTEXT object at 0x000001D010373920>
2 CertEnumCertificateContextProperties returned: [2, 11]
3 cert.Subject: w22test001.manross.net
4 cert Serial Number: redacted
5 Issuer: redacted
6 NotBefore: redacted
7 NotAfter: redacted
Please and thank you,
Steven