IX509CertificateRequestPkcs10::InitializeDecode method (certenroll.h)
The InitializeDecode method decodes an existing signed or unsigned PKCS #10 certificate request and uses it to initialize the new PKCS #10 request object. The existing request is contained in a byte array that has been encoded by using Distinguished Encoding Rules (DER) as defined by the Abstract Syntax Notation One (ASN.1) standard. The byte array is represented by a string that is either a pure binary sequence or is Unicode encoded.
Syntax
HRESULT InitializeDecode(
[in] BSTR strEncodedData,
[in] EncodingType Encoding
);
Parameters
[in] strEncodedData
A BSTR variable that contains the DER-encoded request. For more information, see Remarks.
[in] Encoding
An EncodingType enumeration value that specifies the type of Unicode encoding applied to the input string that contains the DER-encoded request. The default value is XCN_CRYPT_STRING_BASE64.
Return value
If the function succeeds, the function returns S_OK.
If the function fails, it returns an HRESULT value that indicates the error. Possible values include, but are not limited to, those in the following table. For a list of common error codes, see Common HRESULT Values.
| Return code/value | Description |
|---|---|
|
The certificate request object has already been initialized. |
Remarks
The InitializeDecode method decodes the existing PKCS #10 request and uses the information retrieved to initialize the following collections for the new request object:
- An empty ICryptAttributes collection.
- An empty IX509Extensions collection.
- An empty IObjectIds collection for attribute and extension OIDs to be suppressed from the new request.
The method also:
- Adds the decoded extensions to the IX509Extensions collection.
- Adds the decoded attributes to the ICryptAttributes collection.
- Sets the CriticalExtensions property with the decoded critical extensions.
- Sets the ClientId property.
- Sets the TemplateObjectId property.
By default, the InitializeDecode method assumes that the certificate request to be decoded is for an end user. Beginning with Windows 8 and Windows Server 2012, you can change this default behavior. After creating an instance of the IX509CertificateRequestPkcs10 interface, call InitializeDecode by setting the Encoding parameter to XCN_CRYPT_STRING_BINARY and the strEncodedData parameter to one of the following values:
| Value | Description |
|---|---|
| L"ContextMachine" | The encoded certificate request is for a computer. |
| L"ContextUser" | The encoded certificate request is for an end user. |
| L"ContextAdministratorForceMachine" | The encoded certificate is being requested by an administrator acting on the behalf of a computer. |
Then, call the InitializeDecode method again with the encoded certificate set in the strEncodedData argument.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Target Platform | Windows |
| Header | certenroll.h |
| DLL | CertEnroll.dll |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for