Viewing the Certificate Services Database

The ICertView interface is used by properly authorized clients to view the Certificate Services database. The Certification Authority MMC snap-in, which ships with the product, can also be used to view the database; ICertView is provided for viewing it programmatically. Support for the ICertView interface begins with Windows XP.

A properly authorized client is a user who has been granted permission to view the Certificate Services database. The Certification Authority MMC snap-in can be used to grant or restrict access to view the database (under Properties for the certification authority, click the Security tab). Additionally, to use the ICertView object, the client workstation must have the Certificate Services client components installed.

Although there are various scenarios for using ICertView and its related interfaces, the following depicts one possible sequence for developing a client application based on ICertView:

To view the Certificate Services database

  1. After obtaining an instance of the ICertView object, call ICertView::OpenConnection to communicate with a certification authority on a specific computer.
  2. Call ICertView::SetResultColumnCount to specify the number of columns in the view; this call is also used to specify a default view. If a default view is not specified in the call, the caller must call ICertView::SetResultColumn for each of the columns to be contained in the view.
  3. Optional. Specify sorting criteria and/or qualifying criteria for the database query by calling the ICertView::SetRestriction function. Qualifying criteria tell the view to retrieve data based on qualifiers such as Greater Than, Less Than, Equal To, and so on.
  4. Call ICertView::OpenView to retrieve the data in the view; the view's data will consist of the columns requested by means of ICertView::SetResultColumnCount (and if a default view was not specified, ICertView::SetResultColumn). If ICertView::SetRestriction was called, data in the columns will be sorted and/or qualified. ICertView::OpenView creates an IEnumCERTVIEWROW object, which can be used to enumerate the view's rows.
  5. Use the IEnumCERTVIEWROW methods IEnumCERTVIEWROW::EnumCertViewAttribute, IEnumCERTVIEWROW::EnumCertViewColumn, and IEnumCERTVIEWROW::EnumCertViewExtension to retrieve attribute, column, and extension data as desired.
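
The five steps above as a PowerShell audit script that lists every issued certificate with its requester and expiry date. This is an added example, not code from the original page. It assumes the CertificateAuthority.View COM object is registered on the workstation, uses a placeholder CA configuration string, and takes its column names from the CA database schema (as listed by certutil -schema); ICertView::GetColumnIndex, not mentioned in the steps, maps a column name to the index that SetResultColumn and SetRestriction expect.

```powershell
# Added example. Run as a user who has been granted permission to view the CA database.
$CaConfig = 'ca01.example.test\Example Issuing CA'   # placeholder: "<host>\<CA name>"

# Numeric values of the constants used below.
$CVR_SEEK_EQ    = 0x1   # restriction operator: Equal To
$CVR_SORT_NONE  = 0     # no sort order on the restricted column
$CV_OUT_BASE64  = 0x1   # output format applied to binary columns
$DB_DISP_ISSUED = 20    # Request.Disposition value for issued certificates

$view = New-Object -ComObject CertificateAuthority.View
try {
    # Step 1: connect to the certification authority.
    $view.OpenConnection($CaConfig)

    # Step 2: no default view, so declare the column count and add each column.
    $columns = 'RequestID', 'Request.RequesterName', 'CommonName', 'NotAfter'
    $view.SetResultColumnCount($columns.Count)
    foreach ($name in $columns) {
        $view.SetResultColumn($view.GetColumnIndex(0, $name))
    }

    # Step 3 (optional): qualify the query so only issued certificates are returned.
    $dispIndex = $view.GetColumnIndex(0, 'Request.Disposition')
    $view.SetRestriction($dispIndex, $CVR_SEEK_EQ, $CVR_SORT_NONE, $DB_DISP_ISSUED)

    # Step 4: open the view; the result is an IEnumCERTVIEWROW object.
    $rows = $view.OpenView()

    # Step 5: walk the rows, then the columns of each row. Next() returns -1 at the end.
    while ($rows.Next() -ne -1) {
        $record = [ordered]@{}
        $cols = $rows.EnumCertViewColumn()
        while ($cols.Next() -ne -1) {
            $record[$cols.GetName()] = $cols.GetValue($CV_OUT_BASE64)
        }
        [pscustomobject]$record   # one output object per database row
    }
}
finally {
    # Release the COM object so the connection to the CA is closed promptly.
    [void][Runtime.InteropServices.Marshal]::ReleaseComObject($view)
}
```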