ICertificates2::Find method
[CAPICOM is a 32-bit only component that is available for use in the following operating systems: Windows Server 2008, Windows Vista, and Windows XP. Instead, use the X509Certificate2Collection Class in the System.Security.Cryptography.X509Certificates namespace.]
The Find method returns a Certificates object that contains all certificates that match the specified search criteria. This method was introduced in CAPICOM 2.0.
Syntax
Certificates.Find( _
ByVal FindType, _
[ ByVal varCriteria ], _
[ ByVal bFindValidOnly ] _
)
Parameters
-
FindType [in]
-
A value of the CAPICOM_CERTIFICATE_FIND_TYPE enumeration that specifies the type of matching criteria supplied in the varCriteria parameter. The following table shows the possible values.
Value Meaning - CAPICOM_CERTIFICATE_FIND_SHA1_HASH
Returns certificates with a SHA1 hash that matches the SHA1 hash specified in the varCriteria parameter. - CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME
Returns certificates whose subject name exactly or partially matches the subject name specified in the varCriteria parameter. This call searches the subject name field only. - CAPICOM_CERTIFICATE_FIND_ISSUER_NAME
Returns certificates whose issuer name exactly or partially matches the issuer name specified in the varCriteria parameter. This call searches the issuer name field only. - CAPICOM_CERTIFICATE_FIND_ROOT_NAME
Returns certificates whose root subject name exactly or partially matches the root subject name specified in the varCriteria parameter. This call creates a chain. This call searches the subject name field of the root certificate. - CAPICOM_CERTIFICATE_FIND_TEMPLATE_NAME
Returns certificates whose template name matches the template name specified in the varCriteria parameter. - CAPICOM_CERTIFICATE_FIND_EXTENSION
Returns certificates that have an extension that matches the extension specified in the varCriteria parameter. - CAPICOM_CERTIFICATE_FIND_EXTENDED_PROPERTY
Returns certificates in the store that explicitly contain an extended property with the value specified in the varCriteria parameter. - CAPICOM_CERTIFICATE_FIND_APPLICATION_POLICY
Returns certificates in the store that have either an enhanced key usage extension, application policy extension, or extended property specified in the varCriteria parameter. - CAPICOM_CERTIFICATE_FIND_CERTIFICATE_POLICY
Returns certificates that contain the policy OID in the Certificate Policy extension specified in the varCriteria parameter. - CAPICOM_CERTIFICATE_FIND_TIME_VALID
Returns certificates whose time is valid. - CAPICOM_CERTIFICATE_FIND_TIME_NOT_YET_VALID
Returns certificates whose time is not yet valid. - CAPICOM_CERTIFICATE_FIND_TIME_EXPIRED
Returns certificates whose time has expired. - CAPICOM_CERTIFICATE_FIND_KEY_USAGE
Returns certificates containing key usages in the KeyUsage extension specified in the varCriteria parameter. If the KeyUsage extension is not present, all of the key usages are assumed to be unavailable. -
varCriteria [in, optional]
-
A variant that contains the search criteria. This data must match the type of data specified in the FindType parameter. If the value of the FindType parameter is CAPICOM_CERTIFICATE_FIND_TIME_VALID, CAPICOM_CERTIFICATE_FIND_TIME_NOT_YET_VALID, or CAPICOM_CERTIFICATE_FIND_TIME_EXPIRED and you do not pass a value into this parameter, the current time is assumed. For examples of each data type, see Remarks. The default value is 0.
-
bFindValidOnly [in, optional]
-
A Boolean value that indicates whether only valid certificates are returned. The default value is false; this indicates that all certificates that match the search criteria are returned.
If true, the search will not return the following types of certificates:
- Certificates whose time has expired or is not yet valid.
- Certificates not chained properly.
- Certificates that have signature problems.
- Certificates that are revoked.
Return value
Certificates object that contains the results of the search.
CAPICOM 2.1: The Certificates object that is returned contains references to the certificates in the collection in which the search was done. Any changes made to the certificates in the returned Certificates object are reflected in that collection.
CAPICOM 2.0, CAPICOM 2.0.0.1, CAPICOM 2.0.0.2, and CAPICOM 2.0.0.3: The Certificates object that is returned contains copies of the certificates in the collection in which the search was done. Any changes made to the certificates in the returned Certificates object are not reflected in that collection.
Remarks
The following examples show possible search criteria for the different search criteria types.
| FindType parameter | varCriteria parameter |
|---|---|
| CAPICOM_CERTIFICATE_FIND_SHA1_HASH | 33F362434B577F844BB7226BE36F7D72EF9D9393 |
| CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME | "NameOfPerson" |
| CAPICOM_CERTIFICATE_FIND_ISSUER_NAME | "VeriSign" |
| CAPICOM_CERTIFICATE_FIND_ROOT_NAME | "Microsoft Root Authority" |
| CAPICOM_CERTIFICATE_FIND_TEMPLATE_NAME | "AutoEnrollEFS" 1.3.6.1.4.1.311.21.8.3692315854.1256661383.1690418588.4201632533.1741915387.2177932052 |
| CAPICOM_CERTIFICATE_FIND_EXTENSION | "2.5.29.31" CAPICOM_OID_KEY_USAGE_EXTENSION "CRL Distribution List" |
| CAPICOM_CERTIFICATE_FIND_EXTENDED_PROPERTY | CAPICOM_PROPID_KEY_PROV_INFO |
| CAPICOM_CERTIFICATE_FIND_APPLICATION_POLICY | "1.3.6.1.5.5.7.3.3" "1.3.6.1.5.5.7.3.4" CAPICOM_OID_SERVER_AUTH_EKU "Code Signing" |
| CAPICOM_CERTIFICATE_FIND_CERTIFICATE_POLICY | "1.3.6.1.5.5.7.3.4.3.5" "Corporate High Assurance" |
| CAPICOM_CERTIFICATE_FIND_TIME_VALID | #04/15/2002, 6:00 PM# |
| CAPICOM_CERTIFICATE_FIND_TIME_NOT_YET_VALID | #04/15/2002, 6:00 PM# |
| CAPICOM_CERTIFICATE_FIND_TIME_EXPIRED | #04/15/2002, 6:00 PM# |
| CAPICOM_CERTIFICATE_FIND_KEY_USAGE | CAPICOM_ENCIPHER_ONLY_KEY_USAGE |
Requirements
| Requirement | Value |
|---|---|
| End of client support |
Windows Vista |
| End of server support |
Windows Server 2008 |
| Redistributable |
CAPICOM 2.0 or later on Windows Server 2003 and Windows XP |
| DLL |
|
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for