CertCreateCertificateChainEngine function (wincrypt.h)

The CertCreateCertificateChainEngine function creates a new, nondefault chain engine for an application. A chain engine restricts the certificates in the root store that can be used for verification, restricts the certificate stores to be searched for certificates and certificate trust lists (CTLs), sets a time-out limit for searches that involve URLs, and limits the number of certificates checked between checking for a certificate cycle.

Syntax

BOOL CertCreateCertificateChainEngine(
  [in]  PCERT_CHAIN_ENGINE_CONFIG pConfig,
  [out] HCERTCHAINENGINE          *phChainEngine
);

Parameters

[in] pConfig

A pointer to a CERT_CHAIN_ENGINE_CONFIG data structure that specifies the parameters for the chain engine.

[out] phChainEngine

A pointer to the handle of the chain engine created. When you have finished using the chain engine, release the chain engine by calling the CertFreeCertificateChainEngine function.

Return value

If the function succeeds, the function returns nonzero (TRUE).

If the function fails, it returns zero (FALSE). For extended error information, call GetLastError.

The phChainEngine parameter returns the chain engine handle.

Requirements

Requirement Value
Minimum supported client Windows XP [desktop apps | UWP apps]
Minimum supported server Windows Server 2003 [desktop apps | UWP apps]
Target Platform Windows
Header wincrypt.h
Library Crypt32.lib
DLL Crypt32.dll

See also

CERT_CHAIN_ENGINE_CONFIG

CertFreeCertificateChainEngine

Certificate Chain Verification Functions

GetLastError