The ISmsMessage4::VerifyServerSignature method, in Configuration Manager, verifies the signature of the payload of a reply message.

[IDL]
HRESULT VerifyServerSignature(
	 MPAPI_CERT_STORE_LOCATION  StoreLocation,
	 LPCWSTR  szStoreName
);

Parameters

StoreLocation

Data type: MPAPI_CERT_STORE_LOCATION
Qualifiers: [in]
The location of the store. Possible values are defined for MPAPI_CERT_STORE_LOCATION Enumeration.

szStoreName

Data type: LPCWSTR
Qualifiers: [in]
Null-terminated string specifying the store name.

Return Values

An HRESULT code. Possible values include, but are not limited to, the following:

S_OK


The method succeeded.

Remarks

This method is applicable to both mixed and native security modes.

The certificate store must contain the public portion of the certificates for all management points that can possibly receive the message.

The method used to get the store name depends on whether you are using mixed mode or native mode security.

Mixed Mode

If you are running in mixed mode, use the custom identifier (OID) / friendly name obtained from the following location in the Configuration Manager store.

CERT_FRIENDLY_NAME_PROP(11) 
 SMS Signing Certificate

The required enhanced key usage is 1.3.6.1.4.1.311.101.

For more information, see http://go.microsoft.com/fwlink/?LinkId=110488.
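
The mixed-mode requirements above (friendly name and enhanced key usage) can be checked against a store before its name is passed to VerifyServerSignature. The following PowerShell is an added example, not part of the original topic or of Configuration Manager; the -StoreName and -StoreLocation parameters and the Get-SigningCertReport function are hypothetical, and it assumes the friendly name identifies the signing certificate inside the store.

```powershell
# Added example (not from the original page): pre-flight check of a store
# before it is named in VerifyServerSignature (mixed mode).
param(
    # Assumption: the same store name you intend to pass as szStoreName.
    [Parameter(Mandatory = $true)][string]$StoreName,
    # Assumption: .NET StoreLocation names, not MPAPI_CERT_STORE_LOCATION values.
    [ValidateSet('LocalMachine', 'CurrentUser')][string]$StoreLocation = 'LocalMachine'
)
$ErrorActionPreference = 'Stop'

$RequiredEku  = '1.3.6.1.4.1.311.101'       # enhanced key usage stated on the page
$FriendlyName = 'SMS Signing Certificate'   # CERT_FRIENDLY_NAME_PROP value on the page

function Get-SigningCertReport {
    param([object[]]$Certificates)
    foreach ($cert in $Certificates) {
        # Collect every EKU OID carried by the certificate.
        $ekus = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })
        [pscustomobject]@{
            Thumbprint    = $cert.Thumbprint
            Subject       = $cert.Subject
            NameMatches   = ($cert.FriendlyName -eq $FriendlyName)
            HasEku        = ($ekus -contains $RequiredEku)
            HasPrivateKey = $cert.HasPrivateKey   # verification needs only the public portion
        }
    }
}

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList `
    $StoreName, ([System.Security.Cryptography.X509Certificates.StoreLocation]$StoreLocation)
try {
    # OpenExistingOnly: fail instead of silently creating a missing store.
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]'ReadOnly, OpenExistingOnly')
    $report = @(Get-SigningCertReport -Certificates @($store.Certificates))
} finally {
    $store.Close()
}

$report | Format-Table -AutoSize
$usable = @($report | Where-Object { $_.NameMatches -and $_.HasEku })
if ($usable.Count -eq 0) {
    Write-Warning "No certificate in $StoreLocation\$StoreName has the expected friendly name and EKU."
    exit 1
}
```

A row with HasPrivateKey set to True means the store holds more than the public portion that verification requires, which is worth reviewing on machines that only verify replies.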

Native Mode

If you are running in native mode, you can use the certificate on the Internet Information Services (IIS) Web site that the Configuration Manager 2007 management point uses.

To get the certificate, do the following:

Get the certificate store

Look up the certificate store by getting the management point Web site from the registry location HKEY_LOCAL_MACHINE\Software\Microsoft\SMS\IIS\MPCWSPath. Then, get the certificate store using the IMSAdminBase (http://go.microsoft.com/fwlink/?LinkId=110490) interface. The identifier for the store is 5511.

Get the certificate hash

To get the hash, use the IMSAdminBase interface. The identifier for the hash is 5506.

Get the certificate

Use CertOpenStore (http://go.microsoft.com/fwlink/?LinkId=110491) to open the store, and then use the CertEnumCertificatesInStore (http://go.microsoft.com/fwlink/?LinkId=110492) method to look up the certificate context. Finally, use CertFindCertificateInStore (http://go.microsoft.com/fwlink/?LinkId=110494) to get the certificate.

Note
If you are using Network Load Balancing (NLB), provide the certificate for each computer in the NLB cluster.
