| Platform SDK: Certificate Enrollment Control |
[Visual Basic] The ICEnroll interface is an interface of the CEnroll object. This interface is primarily of interest if you are not using Automation. If, on the other hand, you are programming in Visual Basic or another Automation language, see the CEnroll object for a complete listing of the methods and properties available.
The ICEnroll interface is one of three interfaces currently exposed by the CEnroll object, which provides the entire functionality for the Certificate Enrollment Control. Previously, the CEnroll object exposed only the ICEnroll interface. However, beginning with Microsoft® Windows® 2000 Beta 2, the CEnroll object supports ICEnroll2, which inherits and extends the methods and properties of ICEnroll. Beginning with Microsoft® Windows® 2000 Beta 3, the CEnroll object supports ICEnroll3, which inherits and extends the methods and properties of both ICEnroll and ICEnroll2.
ICEnroll has the following methods.
| Method | Description |
|---|---|
| acceptFilePKCS7 | Accepts and processes a PKCS #7 containing a certificate. This PKCS #7 is stored in a file. |
| acceptPKCS7 | Accepts and processes a PKCS #7 containing a certificate. This PKCS #7 is input as a parameter. |
| createFilePKCS10 | Creates a PKCS #10 reqesting a certificate for the person or entity whose information is supplied in the PKCS #10. This PKCS #10 is saved to a file. |
| createPKCS10 | Creates a PKCS #10 reqesting a certificate for the person or entity whose information is supplied in the PKCS #10. This PKCS #10 is a return or output parameter. |
| enumContainers | Enumerates all the containers for the provider specified in the ProviderName property. |
| enumProviders | Enumerates all the providers available on the computer for the specified ProviderType property. |
| freeRequestInfo | Cleans up the stores if an error occurs or if a PKCS #7 is not to be accepted for some reason. Currently not implemented. |
| getCertFromPKCS7 | Retrieves from a PKCS #7 the single certificate that was issued in response to a PKCS #10. |
The following properties are provided for the ICEnroll interface. For information on using these properties, see Using the Certificate Enrollment Control Properties.
| Property | Description |
|---|---|
| CAStoreFlags
[C++] Access: Read/write [Visual Basic] Access: Read/write |
Passed directly to CertOpenStore, specifying characteristics when opening the certification authority (CA) store. |
| CAStoreName
[C++] Access: Read/write [Visual Basic] Access: Read/write |
Specifies where all non-"ROOT" and non-"MY" certificates are kept. |
| CAStoreType
[C++] Access: Read/write [Visual Basic] Access: Read/write |
Specifies the type of store to use for the store specified by the CAStoreName property. |
| ContainerName
[C++] Access: Read/write [Visual Basic] Access: Read/write |
Specifies the name of the key container to use. |
| DeleteRequestCert
[C++] Access: Read/write [Visual Basic] Access: Read/write |
Controls whether a dummy certificate is deleted — a dummy certificate created to persist the keys generated while the PKCS #10 certificate request is being issued. |
| GenKeyFlags
[C++] Access: Read\write [Visual Basic] Access: Read\write |
Passed directly to CryptGenKey, specifying characteristics of the key being created. |
| HashAlgorithm
[C++] Access: Read\write [Visual Basic] Access: Read\write |
Specifies the the preferred hash algorithm for signing the PKCS #10. |
| KeySpec
[C++] Access: Read\write [Visual Basic] Access: Read\write |
Specifies the key type to be generated. |
| MyStoreFlags
[C++] Access: Read\write [Visual Basic] Access: Read\write |
Passed directly to CertOpenStore, specifying characteristics when opening the MY store. |
| MyStoreName
[C++] Access: Read\write [Visual Basic] Access: Read\write |
Specifies where certificates with linked private keys are kept. |
| MyStoreType
[C++] Access: Read\write [Visual Basic] Access: Read\write |
Specifies the type of store to use for the store specified by the MyStoreName property. |
| ProviderFlags
[C++] Access: Read\write [Visual Basic] Access: Read\write |
Use depends on the provider in use. |
| ProviderName
[C++] Access: Read\write [Visual Basic] Access: Read\write |
Specifies the cryptographic service provider (CSP) to use. |
| ProviderType
[C++] Access: Read\write [Visual Basic] Access: Read\write |
Use depends on the provider in use. |
| PVKFileName
[C++] Access: Read\write [Visual Basic] Access: Read\write |
Secifies that the private keys be generated as exportable and written to the file specified by the PVKFileName property. |
| RequestStoreFlags
[C++] Access: Read\write [Visual Basic] Access: Read\write |
Passed directly to CertOpenStore, specifying characteristics when opening the REQUEST store. |
| RequestStoreName
[C++] Access: Read\write [Visual Basic] Access: Read\write |
Specifies the certificate store used to store the dummy certificate to which the private keys have been added, until a certification authority processes the request and responds with a PKCS #7. |
| RequestStoreType
[C++] Access: Read\write [Visual Basic] Access: Read\write |
Specifies the type of store to use for the store specified by the RequestStoreName property. |
| RootStoreFlags
[C++] Access: Read\write [Visual Basic] Access: Read\write |
Passed directly to CertOpenStore, specifying characteristics when opening the ROOT store. |
| RootStoreName
[C++] Access: Read\write [Visual Basic] Access: Read\write |
Specifies where all intrinsically trusted, self-signed ROOT certificates are kept. |
| RootStoreType
[C++] Access: Read\write [Visual Basic] Access: Read\write |
Specifies the type of store to use for the store specified by the RootStoreName property. |
| SPCFileName
[C++] Access: Read\write [Visual Basic] Access: Read\write |
Specifies a file to which to write the PKCS #7 (in BSTR form) returned from the certification authority. |
| UseExistingKeySet
[C++] Access: Read\write [Visual Basic] Access: Read\write |
Specifies that an existing key set be used, instead of generating a new one (the default value is FALSE). |
| WriteCertToCSP
[C++] Access: Read\write [Visual Basic] Access: Read\write |
Specifies whether a certificate should be written to the cryptographic service provider. |
Windows NT/2000: Requires Windows 2000 (or Windows NT 4.0 with the Windows NT 4.0 Option Pack).
Header: Declared in Xenroll.h.
Library: Use Uuid.lib.