共用方式為


CEnroll object

The CEnroll object represents the Certificate Enrollment Control. It is primarily used when programming in Visual Basic or another Automation language.

The CEnroll object exposes the following interfaces:

  • Methods
  • Properties

Methods

The CEnroll object has these methods.

Method Description
acceptFilePKCS7

Accepts and processes a PKCS #7 message containing a certificate, then stores the message to a file.

(Inherited from ICEnroll)
acceptFileResponse

Accepts delivery of the credentials issued in response to an earlier call to createFileRequest, and it places the credentials in the appropriate store.

(Inherited from ICEnroll4)
acceptPKCS7

Accepts and processes a PKCS #7 message containing a certificate. The PKCS #7 is input as a parameter.

(Inherited from ICEnroll)
AcceptResponse

Accepts delivery of the credentials issued in response to an earlier call to createRequest and places the credentials in the appropriate store.

(Inherited from ICEnroll4)
addAttributeToRequest

Adds an attribute to the certificate request.

(Inherited from ICEnroll4)
addCertTypeToRequest

Adds a certificate template to a request (used to support the enterprise certification authority (CA)).

(Inherited from ICEnroll2)
addCertTypeToRequestEx

Adds a certificate template (or "certificate type") to a request.

(Inherited from ICEnroll4)
addExtensionToRequest

Adds an extension to the request.

(Inherited from ICEnroll4)
addNameValuePairToRequest

Adds a name-value string pair to the request.

(Inherited from ICEnroll4)
addNameValuePairToSignature

Adds the name and value pair of an attribute to the request. It is up to the CA to interpret the meaning of the name-value pair.

(Inherited from ICEnroll2)
addNameValuePairToSignature

Adds a name-value string pair to the signature.

(Inherited from ICEnroll4)
binaryToString

Converts a binary data BLOB to a string.

(Inherited from ICEnroll4)
createFilePFX

Saves the accepted certificate chain and private key in a file in Personal Information Exchange (PFX) format.

(Inherited from ICEnroll4)
createFilePKCS10

Creates a base64-encoded PKCS #10 certificate request and saves it in a file.

(Inherited from ICEnroll)
createFileRequest

Creates a PKCS #10 certificate request, a PKCS #7 request, or a full Certificate Management over CMS (CMC) request and stores it in a file.

(Inherited from ICEnroll4)
createPFX

Saves the accepted certificate chain and private key in a PFX format string. The PFX format is also known as PKCS #12.

(Inherited from ICEnroll4)
createPKCS10

Creates a base64-encoded PKCS #10 certificate request.

(Inherited from ICEnroll)
createRequest

Creates a PKCS #10, PKCS #7, or full CMC format certificate request and stores it in a string.

(Inherited from ICEnroll4)
EnumAlgs

Retrieves the IDs of cryptographic algorithms in a given algorithm class that are supported by the current CSP.

(Inherited from ICEnroll3)
enumContainers

Retrieves the names of the containers for the cryptographic service provider (CSP) specified by the ProviderName property.

(Inherited from ICEnroll)
enumPendingRequest

Enumerates pending certificate requests and retrieves a specified property from each.

(Inherited from ICEnroll4)
enumProviders

Retrieves the names of the available CSPs specified by the ProviderType property.

(Inherited from ICEnroll)
freeRequestInfo

Cleans up the stores if an error occurs. Currently not implemented.

(Inherited from ICEnroll)
GetAlgName

Retrieves the name of a cryptographic algorithm given its ID. The values retrieved by this method depend on the current CSP.

(Inherited from ICEnroll3)
getCertFromFileResponse

Retrieves the certificate from a file containing a response from a CA.

(Inherited from ICEnroll4)
getCertFromPKCS7

Retrieves the certificate, contained in a PKCS #7 message, that was issued in response to a PKCS #10 certificate request.

(Inherited from ICEnroll)
getCertFromResponse

Retrieves the certificate from a CA's response.

(Inherited from ICEnroll4)
GetKeyLen

Retrieves the minimum and maximum key lengths for the signature and exchange keys.

(Inherited from ICEnroll3)
GetKeyLenEx

Retrieves size information for the signature and exchange keys.

(Inherited from ICEnroll4)
getProviderType

Retrieves the type of the specified CSP.

(Inherited from ICEnroll4)
GetSupportedKeySpec

Retrieves information regarding the CSP's support for signature or exchange keys.

(Inherited from ICEnroll3)
InstallPKCS7

Processes a certificate or chain of certificates, placing them into the appropriate certificate stores. This method differs from the acceptPKCS7 method in that InstallPKCS7 does not receive a request certificate.

(Inherited from ICEnroll3)
InstallPKCS7Ex

The same as InstallPKCS7 except that it returns the number of certificates actually installed in local stores.

(Inherited from ICEnroll4)
removePendingRequest

Removes a pending request from the client's request store.

(Inherited from ICEnroll4)
Reset

Returns the certificate enrollment control object to its initial state.

(Inherited from ICEnroll3)
resetAttributes

Removes all attributes from the request.

(Inherited from ICEnroll4)
resetExtensions

Removes all extensions from the request.

(Inherited from ICEnroll4)
setPendingRequestInfo

Sets properties for a pending request.

(Inherited from ICEnroll4)
stringToBinary

Converts an encoded string to a binary data BLOB.

(Inherited from ICEnroll4)

 

Properties

The CEnroll object has these properties.

Property Access type Description

CAStoreFlags

Read/write

Sets or retrieves a flag that controls the certificate store when it is opened.

(Inherited from ICEnroll)

CAStoreName

Read/write

Sets or retrieves the name of the store where all non-"ROOT" and non-"MY" certificates are kept.

(Inherited from ICEnroll)

CAStoreType

Read/write

Sets or retrieves the type of store to use for the store specified by the CAStoreName property.

(Inherited from ICEnroll)

ClientId

Sets or retrieves the client ID request attribute.

(Inherited from ICEnroll4)

ContainerName

Read/write

Sets or retrieves the name of the key container to use.

(Inherited from ICEnroll)

DeleteRequestCert

Read/write

Sets or retrieves a Boolean indicator that controls whether dummy certificates in the request store are deleted.

(Inherited from ICEnroll)

EnableSMIMECapabilities

Read/write

Sets or retrieves a Boolean value that controls whether the PKCS10 will contain a signed attribute for Secure/Multipurpose Internet Mail Extensions (S/MIME) capabilities.

(Inherited from ICEnroll3)

EnableT61DNEncoding

Read/write

Sets or retrieves a Boolean value that controls whether the distinguished name in the request is encoded as a T61 string instead of as a UNICODE string.

(Inherited from ICEnroll2)

GenKeyFlags

Read/write

Sets or retrieves a flag that controls whether a private key is exportable.

(Inherited from ICEnroll)

HashAlgID

Read/write

Sets or retrieves the hash algorithm used when signing a PKCS #10 certificate request.

(Inherited from ICEnroll3)

HashAlgorithm

Read/write

Sets or retrieves only the signature hash algorithm used to sign the PKCS #10.

(Inherited from ICEnroll)

IncludeSubjectKeyID

Sets or retrieves a Boolean value that controls whether a subject key identifier extension is included in the certificate request.

(Inherited from ICEnroll4)

KeySpec

Read/write

Sets or retrieves the type of key generated.

(Inherited from ICEnroll)

LimitExchangeKeyToEncipherment

Read/write

Sets or retrieves a Boolean value that controls whether an AT_KEYEXCHANGE request contains digital signature and non-repudiation key usages.

(Inherited from ICEnroll3)

MyStoreFlags

Read/write

Sets the registry location used for the MY store.

(Inherited from ICEnroll)

MyStoreName

Read/write

Sets or retrieves the name of the store where certificates with linked private keys are kept.

(Inherited from ICEnroll)

MyStoreType

Read/write

Sets or retrieves the type of store specified by the MyStoreName property.

(Inherited from ICEnroll)

PrivateKeyArchiveCertificate

Read/write

Sets or retrieves the certificate that is used to archive a private key with a PKCS #7 or CMC request.

(Inherited from ICEnroll4)

ProviderFlags

Read/write

Sets or retrieves the CSP type.

(Inherited from ICEnroll)

ProviderName

Read/write

Sets or retrieves the name of the CSP to use.

(Inherited from ICEnroll)

ProviderType

Read/write

Sets or retrieves the type of provider.

(Inherited from ICEnroll)

PVKFileName

Read/write

Sets or retrieves the name of the file that will contain exported keys.

(Inherited from ICEnroll)

RequestStoreFlags

Read/write

Sets or retrieves the registry location used for the REQUEST store.

(Inherited from ICEnroll)

RequestStoreName

Read/write

Sets or retrieves the name of the store that contains the dummy certificate. This dummy certificate, along with the added private keys, remains in the request store until a certification authority processes the request and responds with a PKCS #7.

(Inherited from ICEnroll)

RequestStoreType

Read/write

Sets or retrieves the type of store to use for the store specified by the RequestStoreName property.

(Inherited from ICEnroll)

ReuseHardwareKeyIfUnableToGenNew

Read/write

Sets or retrieves a Boolean value that determines the action taken by the certificate enrollment control object if an error is encountered when generating a new key.

(Inherited from ICEnroll3)

RootStoreFlags

Read/write

Sets or retrieves the registry location used for the ROOT store.

(Inherited from ICEnroll)

RootStoreName

Read/write

Sets or retrieves the name of the root store where all intrinsically trusted self-signed ROOT certificates are kept.

(Inherited from ICEnroll)

RootStoreType

Read/write

Sets or retrieves the type of store to use for the store specified by the RootStoreName property.

(Inherited from ICEnroll)

SignerCertificate

Sets the signing certificate.

(Inherited from ICEnroll4)

SPCFileName

Read/write

Sets or retrieves the name of the file to write the resulting base64-encoded PKCS #7 (in BSTR form) as returned from the certification authority.

(Inherited from ICEnroll)

ThumbPrint

Read/write

Sets or retrieves a hash of the certificate data.

(Inherited from ICEnroll4)

UseExistingKeySet

Read/write

Sets or retrieves a Boolean value that indicates whether the existing keys should be used.

(Inherited from ICEnroll)

WriteCertToCSP

Read/write

Sets or retrieves a Boolean value that indicates whether a certificate should be written to the CSP.

(Inherited from ICEnroll)

WriteCertToUserDS

Read/write

Sets or retrieves a Boolean value that controls whether the certificate is written to the user's Active Directory store.

(Inherited from ICEnroll2)

 

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]