IX509CertificateRequestPkcs10::InitializeFromPublicKey method (certenroll.h)

The InitializeFromPublicKey method initializes a null-signed certificate request by using an IX509PublicKey object and, optionally, a template.


HRESULT InitializeFromPublicKey(
  [in]           X509CertificateEnrollmentContext Context,
  [in]           IX509PublicKey                   *pPublicKey,
  [in, optional] BSTR                             strTemplateName


[in] Context

An X509CertificateEnrollmentContext enumeration value that specifies whether the requested certificate is intended for an end user, a computer, or an administrator acting on behalf of the computer.

[in] pPublicKey

Pointer to an IX509PublicKey interface that represents the public key.

[in, optional] strTemplateName

A BSTR variable that contains the Common Name (CN) of the template as it appears in Active Directory or the dotted decimal object identifier. This is an optional parameter.

Return value

If the function succeeds, the function returns S_OK.

If the function fails, it returns an HRESULT value that indicates the error. Possible values include, but are not limited to, those in the following table. For a list of common error codes, see Common HRESULT Values.

Return code/value Description
The certificate request object has already been initialized.


If you specify a template, the InitializeFromPublicKey method performs the following actions:

  • Adds the extensions specified in the optional template, if any, to the IX509Extensions collection.
  • Creates a CriticalExtensions collection and populates it with the default XCN_OID_KEY_USAGE and XCN_OID_BASIC_CONSTRAINTS2 object identifiers. If a template is specified and indicates that these OIDs are not critical, they are removed from the collection. The OIDs marked critical by the template, if any, are added.
  • Sets the SmimeCapabilities property if the template supports symmetric algorithms.
  • Sets the AlternateSignatureAlgorithm property if the template requires a discrete signature algorithm OID.
  • Creates an IX509SignatureInformation object.
  • Creates a hash algorithm OID if the algorithm is specified in the template and sets it on the IX509SignatureInformation object.
  • Creates an asymmetric encryption algorithm OID if the algorithm is specified in the template and sets it on the IX509SignatureInformation object.

Whether you specify a template or not, if the CSPInformations property is not specified, the method creates an ICspInformations collection from the providers installed on the computer.

The method does not create a private key. The use of this method implies that the request is null-signed. Therefore, the method sets the NullSigned property on the IX509SignatureInformation object.


Minimum supported client Windows Vista [desktop apps only]
Minimum supported server Windows Server 2008 [desktop apps only]
Target Platform Windows
Header certenroll.h
DLL CertEnroll.dll

See also