IX509CertificateRequestPkcs10::InitializeDecode method (certenroll.h)

The InitializeDecode method decodes an existing signed or unsigned PKCS #10 certificate request and uses it to initialize the new PKCS #10 request object. The existing request is contained in a byte array that has been encoded by using Distinguished Encoding Rules (DER) as defined by the Abstract Syntax Notation One (ASN.1) standard. The byte array is represented by a string that is either a pure binary sequence or is Unicode encoded.


HRESULT InitializeDecode(
  [in] BSTR         strEncodedData,
  [in] EncodingType Encoding


[in] strEncodedData

A BSTR variable that contains the DER-encoded request. For more information, see Remarks.

[in] Encoding

An EncodingType enumeration value that specifies the type of Unicode encoding applied to the input string that contains the DER-encoded request. The default value is XCN_CRYPT_STRING_BASE64.

Return value

If the function succeeds, the function returns S_OK.

If the function fails, it returns an HRESULT value that indicates the error. Possible values include, but are not limited to, those in the following table. For a list of common error codes, see Common HRESULT Values.

Return code/value Description
The certificate request object has already been initialized.


The InitializeDecode method decodes the existing PKCS #10 request and uses the information retrieved to initialize the following collections for the new request object:

The method also:

By default, the InitializeDecode method assumes that the certificate request to be decoded is for an end user. Beginning with Windows 8 and Windows Server 2012, you can change this default behavior. After creating an instance of the IX509CertificateRequestPkcs10 interface, call InitializeDecode by setting the Encoding parameter to XCN_CRYPT_STRING_BINARY and the strEncodedData parameter to one of the following values:

Value Description
L"ContextMachine" The encoded certificate request is for a computer.
L"ContextUser" The encoded certificate request is for an end user.
L"ContextAdministratorForceMachine" The encoded certificate is being requested by an administrator acting on the behalf of a computer.

Then, call the InitializeDecode method again with the encoded certificate set in the strEncodedData argument.


Minimum supported client Windows Vista [desktop apps only]
Minimum supported server Windows Server 2008 [desktop apps only]
Target Platform Windows
Header certenroll.h
DLL CertEnroll.dll

See also