ListCertificates
(Engine-Level Function)
Description: | Enumerates X.509 certificates in a certificate store resident on the local computer. |
Returns: | An array of structures, with each structure representing key fields from a certificate. |
Usage: | Script Only. |
Function Groups: | Certificates |
Related to: | AddCertificate | CheckCertificateChain | FindCertificate | GetCertificateInfo | MakeSelfSignedCertificate | RemoveCertificate | SetCertificateProperty |
Format: | ListCertificates(UseMachineStore, StoreName[, ExtendedKeyUsage, Issuer, RequirePrivateKey]) |
Parameters: |
UseMachineStore |
Required Boolean. If TRUE, enumerates certificates from the Personal store in the Local Computer's certificate collection. If FALSE, enumerates certificates from the Personal store of the Current User. |
StoreName |
Required text. The name of the certificate store to list. |
ExtendedKeyUsage |
Optional text. If valid, this must be an Object Identifier (OID) for an extended key usage. This allows you to filter the returned list of certificates by extended key usage (EKU). For example, "1.3.6.1.5.5.7.3.1" is the OID for an EKU allowing server authentication. |
Issuer |
Optional text. If valid, specifies the name of a certificate issuer. This allows you to filter the returned list of certificates by issuer. |
RequirePrivateKey |
Optional Boolean. If TRUE, only returns certificates for which you hold a private key. Defaults to FALSE. |
Comments |
ListCertificates does not filter on validity period: certificates that have expired or are not yet valid are also returned, so compare ValidFrom and ValidTo against the current time before relying on a certificate.
The information returned is an array of structures, with one structure per certificate that meets the supplied criteria. The structure has the following members:
FriendlyName: Text. The friendly name of the certificate.
Name: Text. The Common Name of the certificate.
Description: Text. The description of the certificate.
Country: Text. The country code (e.g. CA, GB).
State-Province: Text. The state/province on the certificate.
Locality: Text. The locality on the certificate (e.g. town).
Organization: Text. The organization the certificate is issued to.
OrganizationUnit: Text. The organization unit the certificate is issued to.
Issuer: Text. The Common Name of the certificate issuer.
Serial: Text. The certificate serial number.
ValidFrom: Double. VTScada timestamp of the certificate start date/time.
ValidTo: Double. VTScada timestamp of the certificate end date/time.
EKU: Array. Each Extended Key Usage on the certificate is stored as a text OID in its array element.
SHA1Thumbprint: A binary buffer holding the computed SHA1 thumbprint of the certificate. This will match the thumbprint that the Windows certificate dialog’s Details tab displays.
SHA256Thumbprint: A binary buffer holding the computed SHA256 thumbprint of the certificate.
AlternateNames: A structure with the following members, extracted from the Subject Alternative Name certificate extension:
Blob: The DER-binary encoded certificate.
PublicKey: The public key of the certificate. This is held in a VTScada cryptographic key value and may be used as an input parameter to appropriate VTScada cryptographic statements.
PrivateKey: The private key of the certificate, if one is stored on this computer and the current user has permission to access it. This is held in a VTScada cryptographic key value and may be used as an input parameter to appropriate VTScada cryptographic statements. If the user has insufficient permission or there is no private key, Invalid is stored here. |
Example:
CertificateData = ListCertificates(FALSE, { User store }
                                   "My", { Which user store }
                                   \szOID_PKIX_KP_CLIENT_AUTH, { Suitable for client identity authentication }
                                   Invalid, { Any issuer will do }
                                   TRUE); { Must have a private key }
This will return an array of structures, with one element for each certificate in the user’s Personal store that is suitable for client authentication and has a private key that matches its public key.
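To cross-check what the call above should return, and to see which of those certificates fall outside their validity period, the same selection can be made against the Windows store from PowerShell. This is an added example, not VTScada code: the helper name Get-CandidateCertificates is hypothetical, and its issuer matching and its handling of certificates with no EKU extension are assumptions that may differ from ListCertificates.

```powershell
# Added example, not VTScada code. Mirrors the documented call:
#   ListCertificates(FALSE, "My", \szOID_PKIX_KP_CLIENT_AUTH, Invalid, TRUE)
# Get-CandidateCertificates is a hypothetical helper name.
function Get-CandidateCertificates {
    param(
        [bool]   $UseMachineStore   = $false,
        [string] $StoreName         = 'My',
        [string] $ExtendedKeyUsage  = '1.3.6.1.5.5.7.3.2',  # client authentication EKU
        [string] $Issuer,                                    # empty = any issuer
        [bool]   $RequirePrivateKey = $true
    )
    $location = if ($UseMachineStore) { 'LocalMachine' } else { 'CurrentUser' }
    $now = Get-Date

    Get-ChildItem -Path "Cert:\$location\$StoreName" |
        Where-Object {
            # Assumption: a certificate with no EKU extension is excluded
            # whenever an EKU filter is supplied.
            $ekus = @($_.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
            (-not $ExtendedKeyUsage  -or $ekus -contains $ExtendedKeyUsage) -and
            # Assumption: the issuer filter matches the issuer's Common Name.
            (-not $Issuer            -or $_.Issuer -like "*CN=$Issuer*") -and
            (-not $RequirePrivateKey -or $_.HasPrivateKey)
        } |
        ForEach-Object {
            # The store lookup itself does not filter on validity,
            # so classify each certificate explicitly.
            $state = 'Valid'
            if ($now -lt $_.NotBefore) { $state = 'NotYetValid' }
            if ($now -gt $_.NotAfter)  { $state = 'Expired' }

            [pscustomobject]@{
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                Thumbprint = $_.Thumbprint   # SHA-1, as shown on the Details tab
                NotBefore  = $_.NotBefore
                NotAfter   = $_.NotAfter
                Validity   = $state
            }
        }
}

Get-CandidateCertificates | Sort-Object Validity, NotAfter | Format-Table -AutoSize
```

Rows marked Expired or NotYetValid correspond to entries that ListCertificates would still return and that the calling script has to reject using ValidFrom and ValidTo.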