Yesterday at work I needed to write a script to check if an SSL certificate was present in the user’s store and – if not – to automatically import it…
CAPICOM is an ActiveX control that exposes, via Microsoft COM, a set of functions from the Windows CryptoAPI.
In VBScript, we can therefore call the CreateObject to get an instance of its store object:
Set store = CreateObject("CAPICOM.Store")
Using the open method, we can now open a given store.
The stores available are defined by constants:
Const CAPICOM_MEMORY_STORE = 0 Const CAPICOM_LOCAL_MACHINE_STORE = 1 Const CAPICOM_CURRENT_USER_STORE = 2 Const CAPICOM_ACTIVE_DIRECTORY_USER_STORE = 3 Const CAPICOM_SMART_CARD_USER_STORE = 4
so the different open modes:
Const CAPICOM_STORE_OPEN_READ_ONLY = 0 Const CAPICOM_STORE_OPEN_READ_WRITE = 1 Const CAPICOM_STORE_OPEN_MAXIMUM_ALLOWED = 2 Const CAPICOM_STORE_OPEN_EXISTING_ONLY = 128 Const CAPICOM_STORE_OPEN_INCLUDE_ARCHIVED = 256
For example, let’s open the user’s personal (“My“) store in read only:
store.Open CAPICOM_CURRENT_USER_STORE, "My", CAPICOM_STORE_OPEN_READ_ONLY
Now we can obtain the certificates and, for each of them, print its SubjectName:
For Each cert In store.CERTIFICATES WScript.Echo cert.SubjectName Next
or use the available methods to import, export, delete the certificates…