ICertConfig::GetConfig method (certcli.h)
The GetConfig method retrieves the configuration string for a Certificate Services server. This method was first defined in the ICertConfig interface.
The configuration string is the server name and certification authority name separated by a backslash (\); for example: ServerName\CAName. This configuration string can be used to refer unambiguously to a specific Certificate Services server. For more information, see Remarks.
Syntax
HRESULT GetConfig(
[in] LONG Flags,
[out] BSTR *pstrOut
);
Parameters
[in] Flags
Value that specifies the certification authority to use. This parameter can be one of the following values.
[out] pstrOut
A pointer to a BSTR that contains the configuration. When you have finished using the configuration, call the SysFreeString function to free pbstrOut.
Return value
C++
If the method succeeds, the method returns S_OK.If the method fails, it returns an HRESULT value that indicates the error. For a list of common error codes, see Common HRESULT Values.
VB
The return value is a string that contains the configuration.Remarks
The certification authority (CA) name portion of the configuration string that this function returns is the exact text entered during the Certificate Services setup process. Note that this text may be different from the form of the CA name found in file names (such as for the certificate revocation list) or in registry keys. This is because file names and registry keys use a sanitized version of the CA name.
The process of sanitizing the CA name is necessary to remove characters that are illegal for file names, registry key names, or distinguished name values, or illegal for reasons specific to Certificate Services. In the sanitizing process, any illegal character in the common name is converted to a five-character representation in the format !xxxx, where ! is used as an escape character and xxxx represents four hexadecimal digits that uniquely identify the character to be converted.
For example, the number sign (#) is not allowed in distinguished names in Active Directory. If the CA name entered during setup is #YourName, the sanitized CA name will be !0023YourName.
The following characters, if entered for the common name of the CA during setup, are converted to the !xxxx format during the sanitizing process. This list is subject to change.
| Name | Character | Value in !xxxx format |
|---|---|---|
| Ampersand | & | !0026 |
| Apostrophe | ' | !0027 |
| Asterisk | * | !002a |
| Backslash | \ | !005c |
| Left brace | { | !007b |
| Right brace | } | !007d |
| Left bracket | [ | !005b |
| Right bracket | ] | !005d |
| Caret | ^ | !005e |
| Colon | : | !003a |
| Comma | , | !002c |
| Equal sign | = | !003d |
| Exclamation point | ! | !0021 |
| Grave accent | ` | !0060 |
| Greater than sign | > | !003e |
| Less than sign | < | !003c |
| Number sign | # | !0023 |
| Opening parenthesis | ( | !0028 |
| Closing parenthesis | ) | !0029 |
| Percent | % | !0025 |
| Pipe | | | !007c |
| Plus sign | + | !002b |
| Question mark | ? | !003f |
| Quotation mark | " | !0022 |
| Semicolon | ; | !003b |
| Slash mark | / | !002f |
Any nonprinting character and all Unicode characters that are not seven bits are also converted to the !xxxx format.
A sanitized short name is generated when the sanitized name is too long for a 64-character directory services relative distinguished name (RDN). The sanitized short name consists of the sanitized name truncated and appended with a hash of the full sanitized name. The sanitized short name reserves some of the 64 characters to contain certificate revocation list (CRL) suffixes, such as (123).
The certification authority name portion of the configuration string returned by this method is the original text entered during setup. Note that Certificate Services methods that require a certification authority name as a parameter accept the originally entered certification authority name. For example, for the certification authority name #YourName, the
ICertView2::OpenConnection method accepts #YourName as the parameter's certification authority portion.
Examples
The following example shows how to use this method to retrieve the default certification authority configuration string.
ICertConfig2 * pConfig = NULL;
BSTR bstrConfig = NULL; //Contains CA configuration name
HRESULT hr;
hr = CoInitializeEx(NULL, COINIT_APARTMENTTHREADED);
if (FAILED(hr))
{
printf("Failed CoInitializeEx - [%x]\n", hr);
goto error;
}
// Create an instance of the CertConfig object.
hr = CoCreateInstance( CLSID_CCertConfig,
NULL,
CLSCTX_INPROC_SERVER,
IID_ICertConfig2,
(void **)&pConfig);
if (FAILED(hr))
{
printf("Failed CoCreateInstance - pConfig [%x]\n", hr);
goto error;
}
// Retrieve the default CA configuration string.
hr = pConfig->GetConfig(CC_DEFAULTCONFIG, &bstrConfig);
if (FAILED(hr))
{
printf("Failed GetConfig - [%x]\n", hr);
goto error;
}
else
printf("GetConfig returned: %ws\n", bstrConfig );
error:
// Done processing.
if (pConfig)
pConfig->Release();
if (bstrConfig)
SysFreeString(bstrConfig);
CoUninitialize();
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | None supported |
| Minimum supported server | Windows Server 2003 [desktop apps only] |
| Target Platform | Windows |
| Header | certcli.h (include Certsrv.h) |
| Library | Certidl.lib |
| DLL | Certcli.dll |