Active Directory Certificate Service - How to list all the available certificate templates in the CA Server?

Question

I have CA server set up in windows server. I have a client code in C# which created CSR sends to the server and downloads the issued certificate from the server. I want to know can retrieve a list of certificate templates which are there in CA server using C# code?

Answer 1

The list of assigned to CA server templates can be retrieved by using ICertRequest2 COM interface and calling the ICertRequest2::GetCAProperty method.

You will have to add a CertCli COM library reference (in Visual Studio). Alternatively, you can create introp library by using tlbimp.exe tool from certcli.dll library and then use CCertRequest class which implements ICertRequest interface.

In order to retrieve the list of certificate templates, pass the CR_PROP_TEMPLATES value in dwPropId parameter. For more details about GetCAProperty method call you can consult with ICertRequestD2::GetCAProperty DCOM description which is part of MS-WCCE protocol specification.

The method returns string value in the following format: TemplateName1\nTemplateOID1\nTemplateName2\nTemplateOID2\.... You can split this string with \n character into an array of strings, where each even (assuming zero-based index) element represents template display name (not common name, or cn attribute) and odd element represents template OID. More details about output: [MS-WCCE] §3.2.2.6.3.1.1 PropID=0x0000001D (CR_PROP_TEMPLATES) "Configured Certificate Templates"