enrollRenewalPKCS7

The enrollRenewalPKCS7 sample creates a PKCS #7 request object to renew an existing certificate. The request object uses a new key pair but retains the cryptographic provider associated with the certificate being renewed.

Location

When you install the Microsoft Windows Software Development Kit (SDK), the sample is installed, by default, in the %ProgramFiles%\Microsoft SDKs\Windows\v7.0\Samples\Security\X509 Certificate Enrollment\VC\enrollRenewalPKCS7 folder.

Discussion

The enrollRenewalPKCS7 sample:

  1. Processes the command line arguments. The command line should contain the name of the template used to create the certificate request.
  2. Retrieves an existing certificate by using the name of the template specified on the command line or, if a certificate cannot be found, attempts to enroll one by using the template. The findCertByTemplate and enrollCertByTemplate functions are defined in enrollCommon.cpp.
  3. Verifies the certificate chain and converts the certificate to a BSTR.
  4. Creates an IX509CertificateRequestPkcs7 object and initializes it by using the existing certificate. Because the inheritOptions parameter is set to InheritDefault, a new key pair is created for the request but the cryptographic provider in the existing certificate is used. For more information, see the InitializeFromCertificate method.
  5. Creates an IX509Enrollment object, initializes it by using the PKCS #7 request object, attempts to enroll it with the CA and monitors the status of the enrollment process. The checkEnrollStatus function is defined in enrollCommon.cpp.
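
The same five steps can be driven from PowerShell through the CertEnroll COM objects; this is an added example, not the SDK sample's C++ code and not the code in enrollCommon.cpp. It assumes the user context and the CurrentUser\My store, and its template lookup (matching the formatted certificate template extensions) is a stand-in for findCertByTemplate that does not enroll a certificate when none is found.

```powershell
# Added example (not the SDK sample). Step 1: the template name is the only argument.
param([Parameter(Mandatory)][string]$TemplateName)

# CertEnroll enumeration values from certenroll.h.
$ContextUser = 1; $XCN_CRYPT_STRING_BASE64 = 1; $InheritDefault = 0
$Enrolled = 1; $EnrollPended = 2

# Step 2 (assumed lookup, stands in for findCertByTemplate): newest certificate in
# CurrentUser\My with a private key whose template extension names the template.
$templateOids = '1.3.6.1.4.1.311.21.7', '1.3.6.1.4.1.311.20.2'
$pattern = '(^|=)\s*' + [regex]::Escape($TemplateName) + '\s*(\(|$)'
$cert = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.HasPrivateKey -and ($_.Extensions | Where-Object {
        $_.Oid.Value -in $templateOids -and $_.Format($false) -match $pattern }) } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate issued from template '$TemplateName' was found." }

# Step 3: verify the chain before trusting the certificate as the renewal basis,
# then encode it as a base64 string for the COM call.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
if (-not $chain.Build($cert)) {
    $reasons = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    throw "Chain validation failed for $($cert.Thumbprint): $reasons"
}
$certBase64 = [Convert]::ToBase64String($cert.RawData)

# Step 4: PKCS #7 renewal request. InheritDefault creates a new key pair while
# keeping the cryptographic provider of the existing certificate.
$pkcs7 = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs7
$pkcs7.InitializeFromCertificate($ContextUser, $true, $certBase64,
    $XCN_CRYPT_STRING_BASE64, $InheritDefault)

# Step 5: enroll with the CA and report the outcome.
$enroll = New-Object -ComObject X509Enrollment.CX509Enrollment
$enroll.InitializeFromRequest($pkcs7)
$enroll.Enroll()
$status = $enroll.Status
switch ($status.Status) {
    $Enrolled     { "Renewed certificate installed (replaces $($cert.Thumbprint))." }
    $EnrollPended { "Request is pending CA manager approval." }
    default       { throw "Enrollment failed (status $($status.Status)): $($status.ErrorText)" }
}
```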
