IEnroll::createPKCS10WStr method (xenroll.h)

[This method is no longer available for use as of Windows Server 2008 and Windows Vista.]

The createPKCS10WStr method creates a base64-encoded PKCS #10 certificate request. This method was first defined in the IEnroll interface.

This base64-encoded PKCS #10 certificate request (in BSTR form) can be submitted to a certification authority to request that a certificate be issued to the person or entity whose information it contains.

Syntax

HRESULT createPKCS10WStr(
  [in]  LPCWSTR          DNName,
  [in]  LPCWSTR          Usage,
  [out] PCRYPT_DATA_BLOB pPkcs10Blob
);

Parameters

[in] DNName

A null-terminated Unicode string that contains the distinguished name (DN) of the entity for which the request is being made. In this parameter, the DN must follow the X.500 naming convention, for example, "CN=User, O=Microsoft". If a two-letter prefix does not exist, an object identifier (OID) may be provided instead.

[in] Usage

A null-terminated Unicode string that contains an OID that describes the purpose of the certificate being generated, for example, Individual or Commercial Authenticode certificate, or Client Authentication. You can also specify multiple OIDs separated by a comma.

The OID is passed through to the PKCS #10 request. For general extensibility and ease of understanding, the control does not attempt to understand specific-purpose OIDs. Therefore, if you specify a Client Authentication OID, the generated key will still be a signature key, not an exchange key.

[out] pPkcs10Blob

A pointer to a CRYPT_DATA_BLOB that receives the base64-encoded PKCS #10 certificate request.

When you have finished using this memory, free it by passing the pbData member of this structure to the CoTaskMemFree function.

Return value

If the method succeeds, the method returns S_OK and pPkcs10Blob contains a base64-encoded PKCS #10 request that can be directly posted to a web server for processing.

If the method fails, it returns an HRESULT value that indicates the error. For a list of common error codes, see Common HRESULT Values.

Remarks

By default, the Microsoft Base Cryptographic Provider is used, PROV_RSA_FULL is the provider type, a signature key is created, and a unique new key set is created.
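Because the Usage OIDs are passed through to the PKCS #10 request without interpretation, a caller can check the string before it reaches createPKCS10WStr. The following is an added example, not code from xenroll.h or from Microsoft: the allowlist contents and the names isValidOid and checkUsage are hypothetical, and rejecting whitespace around commas is this example's assumption, not documented behavior of the control.

```cpp
// Added example: validates a Usage string (comma-separated OIDs) before it
// is handed to createPKCS10WStr. Not part of the xenroll API.
#include <set>
#include <string>
#include <vector>

// Hypothetical policy: purposes this application may request (constructed).
static const std::set<std::wstring> kAllowedUsage = {
    L"1.3.6.1.5.5.7.3.2",       // Client Authentication
    L"1.3.6.1.4.1.311.2.1.21",  // Individual Authenticode signing
};

// True when s is a syntactically valid dotted-decimal OID.
bool isValidOid(const std::wstring& s) {
    std::vector<std::wstring> arcs(1);
    for (wchar_t c : s) {
        if (c == L'.') arcs.emplace_back();
        else if (c >= L'0' && c <= L'9') arcs.back() += c;
        else return false;                      // spaces, letters, anything else
    }
    if (arcs.size() < 2) return false;          // need at least two arcs
    for (const auto& a : arcs) {
        if (a.empty()) return false;                      // "1..2" or "1.2."
        if (a.size() > 1 && a[0] == L'0') return false;   // leading zero
    }
    if (arcs[0] != L"0" && arcs[0] != L"1" && arcs[0] != L"2") return false;
    // Under first arcs 0 and 1 the second arc is limited to 0..39.
    if (arcs[0] != L"2" && (arcs[1].size() > 2 || std::stoi(arcs[1]) > 39))
        return false;
    return true;
}

// Splits usage on commas and fills `rejected` with every OID that is
// malformed or outside the allowlist. Returns true when nothing was rejected.
bool checkUsage(const std::wstring& usage, std::vector<std::wstring>& rejected) {
    rejected.clear();
    std::size_t start = 0;
    while (true) {
        std::size_t comma = usage.find(L',', start);
        std::wstring oid = usage.substr(start, comma == std::wstring::npos ? comma : comma - start);
        if (!isValidOid(oid) || !kAllowedUsage.count(oid)) rejected.push_back(oid);
        if (comma == std::wstring::npos) break;
        start = comma + 1;
    }
    return rejected.empty();
}
```

Call checkUsage on the string intended for the Usage parameter and only create the request when it returns true; the rejected list can be logged for review.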

Requirements

Requirement                 Value
Minimum supported client    Windows XP [desktop apps only]
Minimum supported server    Windows Server 2003 [desktop apps only]
Target Platform             Windows
Header                      xenroll.h
Library                     Uuid.lib
DLL                         Xenroll.dll

See also

IEnroll