IX509CertificateRequestCmc::put_KeyArchivalCertificate method (certenroll.h)

The KeyArchivalCertificate property specifies or retrieves a certification authority (CA) encryption certificate. The certificate is contained in a byte array that is encoded by using Distinguished Encoding Rules (DER) as defined by the Abstract Syntax Notation One (ASN.1) standard. The DER-encoded byte array is represented by a string that is either a pure binary sequence or is Unicode encoded. This property is web enabled for both input and output.

This property is read/write.


HRESULT put_KeyArchivalCertificate(
  EncodingType Encoding,
  BSTR         Value




Return value



If correctly configured, a certification authority (CA) can archive a client's private key. Typically, the client requests an exchange certificate from the CA, validates it, and uses it as input to the KeyArchivalCertificate property. The CA's public key is used to encrypt the private key that is being submitted for archiving. You can use the ArchivePrivateKey property to request key archival.

You must set this property, if at all, before calling the Encode method, but you must initialize the CMC request object before calling the property. For more information, see the following topics:


Minimum supported client Windows Vista [desktop apps only]
Minimum supported server Windows Server 2008 [desktop apps only]
Target Platform Windows
Header certenroll.h
DLL CertEnroll.dll

See also