ICertAdmin::IsValidCertificate method (certadm.h)

The IsValidCertificate method verifies the certificate against the certification authority (CA) key and checks that the certificate has not been revoked. This method was first defined in the ICertAdmin interface.


HRESULT IsValidCertificate(
  [in]          const BSTR strConfig,
  [in]          const BSTR strSerialNumber,
  [out, retval] LONG       *pDisposition


[in] strConfig

Represents a valid configuration string for the CA in the form COMPUTERNAME\CANAME, where COMPUTERNAME is the network name of the Certificate Services server and CANAME is the common name of the certification authority, as entered during Certificate Services setup. For information about the configuration string name, see ICertConfig.

Important  IsValidCertificate does not clear the internal cache when the configuration string is changed. When you change the configuration string for the CA, you must instantiate a new ICertAdmin object and call this method again with the new configuration string.

[in] strSerialNumber

Specifies a serial number that identifies the certificate to be reviewed. The string must specify the serial number as an even number of hexadecimal digits. If necessary, a zero can be prefixed to the number to produce an even number of digits. No more than one leading zero may be used.

[out, retval] pDisposition

A pointer to a LONG that receives the disposition value.

Return value


If the method succeeds and the pDisposition parameter is set to one of the following values, the method returns S_OK.

If the method fails, it returns an HRESULT value that indicates the error. For a list of common error codes, see Common HRESULT Values.


The return value specifies the disposition of the certificate. This value is one of the following values. (These values are defined in Certadm.h.)
Return code Description
The call was not completed.
The call failed.
The certificate has been revoked.
The certificate is still valid.
The certificate was never issued.
The certificate is pending.


This method determines only whether a certificate has been issued and is not currently revoked; it does not check that the current time and date are within the period for which the certificate is valid (the NotBefore and NotAfter certificate properties). An application that uses this method is also responsible for checking the certificate expiration.

Administration tasks use DCOM. Code that calls this interface method as defined in an earlier version of Certadm.h will run on Windows-based servers as long as the client and the server are both running the same Windows operating system.


    BSTR       bstrCA = NULL;      // Machine\CAName
    BSTR       bstrSerial = NULL;  // Contains the certificate 
                             // serial number
    long       nDisp;              // Contains the certificate
                             // disposition
    HRESULT    hr;

    bstrCA = SysAllocString(L"<COMPUTERNAMEHERE>\\<CANAMEHERE>");
    bstrSerial = SysAllocString(L"<SERIALNUMBERHERE>");

    if (NULL == bstrCA || NULL == bstrSerial)
        printf("Memory allocation failed\n");
        goto error;

    //  Determine whether the certificate is valid.
    //  pCertAdmin is a previously instantiated ICertAdmin 
    //  object pointer.
    hr = pCertAdmin->IsValidCertificate(bstrCA, bstrSerial, &nDisp);
    if (FAILED(hr))
        printf("Failed IsValidCertificate [%x]\n", hr);
        goto error;
    //  Use nDisp as needed.

    //  Done processing.


    //  Free BSTR values.
    if (NULL != bstrCA)

    if (NULL != bstrSerial)


Minimum supported client None supported
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header certadm.h (include Certsrv.h)
Library Certidl.lib
DLL Certadm.dll

See also