The ISmsMessage4::VerifyServerSignature method, in Configuration Manager, verifies the signature of the payload of a reply message.
[IDL] HRESULT VerifyServerSignature( MPAPI_CERT_STORE_LOCATION StoreLocation, LPCWSTR szStoreName );
- StoreLocation: Data type: MPAPI_CERT_STORE_LOCATION. Qualifiers: [in]. The location of the store. Possible values are defined for MPAPI_CERT_STORE_LOCATION Enumeration.
- szStoreName: Data type: LPCWSTR. Qualifiers: [in]. Null-terminated string specifying the store name.
An HRESULT code. Possible values include, but are not limited to, the following:
- The method succeeded.
This method is applicable to both mixed and native security modes.
The certificate store must contain the public portion of the certificates for all management points that can possibly receive the message.
The method used to get the store name depends on whether you are using mixed mode or native mode security.
If you are running in mixed mode, use the custom identifier (OID) / friendly name obtained from the following location in the Configuration Manager store.
CERT_FRIENDLY_NAME_PROP(11) SMS Signing Certificate
The required enhanced key usage is 1.3.6.1.4.1.311.101.
For more information, see http://go.microsoft.com/fwlink/?LinkId=110488.
If you are running in mixed mode, you can use the certificate on the Internet Information Services (IIS) Web site that the Configuration Manager 2007 management point uses.
To get the certificate, do the following:
Get the certificate store
Look up the certificate store by getting the management point Web site from the registry location HKEY_LOCAL_MACHINE\Software\Microsoft\SMS\IIS\MPCWSPath. Then, get the certificate store using the IMSAdminBase (http://go.microsoft.com/fwlink/?LinkId=110490) interface. The identifier for the store is 5511.
Get the certificate hash
To get the hash, use the IMSAdminBase interface. The identifier for the hash is 5506.
Get the certificate
Use CertOpenStore (http://go.microsoft.com/fwlink/?LinkId=110491) to open the store, and then use the CertEnumCertificatesInStore (http://go.microsoft.com/fwlink/?LinkId=110492) method to look up the certificate context. Finally, use CertFindCertificateInStore (http://go.microsoft.com/fwlink/?LinkId=110494) to get the certificate.
If you are using Network Load Balancing (NLB), provide the certificate for each computer in the NLB cluster.
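The store lookup described above, as an added example (not part of the original documentation and not Microsoft's code): a PowerShell function that checks that the store whose name will be passed to VerifyServerSignature holds the certificate for every management point, one hash per NLB node. It uses the .NET X509Store class rather than calling CertOpenStore and CertFindCertificateInStore directly. Assumptions: the function and parameter names are hypothetical, the store location defaults to LocalMachine, each hash is the 20-byte SHA-1 value already read from the IIS metabase (identifier 5506), and the sample hashes are constructed.

```powershell
# Added example. Names, the LocalMachine default and the sample hashes are assumptions.
function Test-MpCertificateStore {
    param(
        [Parameter(Mandatory = $true)] [string]   $StoreName,   # value for szStoreName
        [Parameter(Mandatory = $true)] [string[]] $CertHash,    # one hash per management point
        [System.Security.Cryptography.X509Certificates.StoreLocation] $StoreLocation = 'LocalMachine'
    )
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($StoreName, $StoreLocation)
    # OpenExistingOnly: fail on a mistyped store name instead of creating an empty store.
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]'ReadOnly, OpenExistingOnly')
    try {
        foreach ($hash in $CertHash) {
            # Normalise input such as "ab cd:ef ..." to the 40-character thumbprint form.
            $thumb = ($hash -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
            if ($thumb.Length -ne 40) { throw "Not a 20-byte SHA-1 hash: '$hash'" }
            # validOnly = $false so that expired certificates are reported, not hidden.
            $hits = $store.Certificates.Find('FindByThumbprint', $thumb, $false)
            $cert = if ($hits.Count -gt 0) { $hits[0] } else { $null }
            [pscustomobject]@{
                Thumbprint    = $thumb
                Present       = [bool]$cert
                Subject       = if ($cert) { $cert.Subject } else { $null }
                NotAfter      = if ($cert) { $cert.NotAfter } else { $null }
                Expired       = if ($cert) { $cert.NotAfter -lt (Get-Date) } else { $null }
                # Only the public portion is needed to verify a signature.
                HasPrivateKey = if ($cert) { $cert.HasPrivateKey } else { $null }
            }
        }
    }
    finally { $store.Close() }
}

# Constructed sample values: replace with the store name and hashes for your site.
Test-MpCertificateStore -StoreName 'MY' -CertHash @(
    '00112233445566778899AABBCCDDEEFF00112233',
    'FFEEDDCCBBAA99887766554433221100FFEEDDCC'
) | Format-Table -AutoSize
```

A row with Present set to False marks a management point whose replies cannot be verified against this store.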