Edit

IX509CertificateRequestPkcs10V2::InitializeFromTemplate method (certenroll.h)

  • Article

The InitializeFromTemplate method initializes the certificate request by using a template.

Syntax

HRESULT InitializeFromTemplate(
  [in] X509CertificateEnrollmentContext context,
  [in] IX509EnrollmentPolicyServer      *pPolicyServer,
  [in] IX509CertificateTemplate         *pTemplate
);

Parameters

[in] context

An X509CertificateEnrollmentContext enumeration value that specifies whether the requested certificate is intended for an end user, a computer, or administrator acting on behalf of the computer. This can be one of the following values.

Value Meaning
ContextUser
 The certificate is being requested for an end user.
ContextMachine
 The certificate is being requested for a computer.
ContextAdministratorForceMachine
 The certificate is being requested by an administrator acting on the behalf of a computer.

[in] pPolicyServer

Pointer to an IX509EnrollmentPolicyServer object that represents the certificate enrollment policy (CEP) server that contains the template specified by the pTemplate parameter.

[in] pTemplate

Pointer to an IX509CertificateTemplate object that represents the template to use during initialization.

Return value

If the function succeeds, the function returns S_OK.

If the function fails, it returns an HRESULT value that indicates the error. Possible values include, but are not limited to, those in the following table. For a list of common error codes, see Common HRESULT Values.

Return code Description
E_POINTER
 The pPolicyServer or pTemplate parameters are NULL.
HRESULT_FROM_WIN32(ERROR_ALREADY_INITIALIZED)
 The certificate request object has already been initialized.

Remarks

The InitializeFromTemplate method creates the following collections:

  • An ICryptAttributes collection.
  • An IX509Extensions collection.
  • An IObjectIds collection populated with the default XCN_OID_KEY_USAGE and XCN_OID_BASIC_CONSTRAINTS2 object identifiers.
  • An empty IObjectIds collection for attribute and extension OIDs to be suppressed from the new request.

The method then examines the template and performs the following actions:

  • Adds the extensions specified by the template to the IX509Extensions collection.
  • Removes the default critical extensions (XCN_OID_KEY_USAGE and XCN_OID_BASIC_CONSTRAINTS2) from the collection if the template indicates that they are not critical. The OIDs marked critical by the template are added.
  • Sets the SmimeCapabilities property if the template supports symmetric algorithms.
  • Sets the AlternateSignatureAlgorithm property if the template requires a discrete signature algorithm OID.
  • Creates an IX509SignatureInformation object.
  • Creates a hash algorithm OID if the algorithm is specified in the template and sets it on the IX509SignatureInformation object.
  • Creates an asymmetric encryption algorithm OID if the algorithm is specified in the template and sets it on the IX509SignatureInformation object.
  • Populates many of the IX509PrivateKey properties from the template settings.

If the CSPInformations property is NULL, the method creates an ICspInformations collection from the providers installed on the computer.

Requirements

Requirement Value
Minimum supported client Windows 7 [desktop apps only]
Minimum supported server Windows Server 2008 R2 [desktop apps only]
Target Platform Windows
Header certenroll.h

See also

IX509CertificateRequestPkcs10V2