Platform SDK: Certificate Enrollment Control
[Visual Basic] The ICEnroll3 interface is an interface of the CEnroll object. This interface is primarily of interest if you are not using Automation. If, on the other hand, you are programming in Visual Basic or another Automation language, see the CEnroll object for a complete listing of the methods and properties available.
The ICEnroll3 interface is one of three interfaces currently exposed by the CEnroll object, which provides the entire functionality for the Certificate Enrollment Control. Before Microsoft® Windows® 2000 Beta 3, the CEnroll object exposed two interfaces, ICEnroll and ICEnroll2. However, beginning with Windows 2000 Beta 3, the CEnroll object also supports ICEnroll3.
Because ICEnroll3 inherits all members of the earlier ICEnroll and ICEnroll2 interfaces, the following tables include those members as well as the additional methods and properties that ICEnroll3 supports.
Method | Description |
---|---|
acceptFilePKCS7 | Accepts and processes a PKCS #7 containing a certificate. The PKCS #7 is stored in a file. Implemented as ICEnroll::acceptFilePKCS7. |
acceptPKCS7 | Accepts and processes a PKCS #7 containing a certificate. The PKCS #7 is input as a parameter. Implemented as ICEnroll::acceptPKCS7. |
addCertTypeToRequest | Adds a certificate template to a request (used to support the enterprise certification authority (CA)). Implemented as ICEnroll2::addCertTypeToRequest. |
addNameValuePairToSignature | Adds a name/value pair to an attribute (the name/value pair is interpreted by the CA). Implemented as ICEnroll2::addNameValuePairToSignature. |
createFilePKCS10 | Creates a PKCS #10 requesting a certificate for the person or entity whose information is supplied in the PKCS #10. This PKCS #10 is saved to a file. Implemented as ICEnroll::createFilePKCS10. |
createPKCS10 | Creates a PKCS #10 requesting a certificate for the person or entity whose information is supplied in the PKCS #10. This PKCS #10 is a return or output parameter. Implemented as ICEnroll::createPKCS10. |
EnumAlgs | Enumerates IDs of algorithms supported by the cryptographic service provider (CSP). |
enumContainers | Enumerates all the containers for the provider specified in the ProviderName property. Implemented as ICEnroll::enumContainers. |
enumProviders | Enumerates all the providers available on the computer for the specified ProviderType property. Implemented as ICEnroll::enumProviders. |
freeRequestInfo | Cleans up the stores if an error occurs or if a PKCS #7 is not to be accepted for some reason. Currently not implemented. Implemented as ICEnroll::freeRequestInfo. |
GetAlgName | Retrieves the name corresponding to an algorithm ID. |
getCertFromPKCS7 | Retrieves from a PKCS #7 the single certificate that was issued in response to a PKCS #10. Implemented as ICEnroll::getCertFromPKCS7. |
GetKeyLen | Retrieves minimum and maximum key lengths. |
GetSupportedKeySpec | Retrieves information regarding the CSP's support for signature or exchange keys. |
InstallPKCS7 | Accepts and processes a PKCS #7 containing a certificate or chain of certificates. The PKCS #7 is input as a parameter. This differs from acceptPKCS7 because InstallPKCS7 doesn't receive a request certificate. |
Reset | Places the ICEnroll3 object into its initial state. |
The following properties are provided for the ICEnroll3 interface. For information on using these properties, see Using the Certificate Enrollment Control Properties.
Property | Access | Description |
---|---|---|
CAStoreFlags | [C++] Access: Read/write [Visual Basic] Access: Read/write | Passed directly to CertOpenStore, specifying characteristics when opening the certification authority (CA) store. Implemented as ICEnroll::CAStoreFlags. |
CAStoreName | [C++] Access: Read/write [Visual Basic] Access: Read/write | Specifies where all non-"ROOT" and non-"MY" certificates are kept. Implemented as ICEnroll::CAStoreName. |
CAStoreType | [C++] Access: Read/write [Visual Basic] Access: Read/write | Specifies the type of store to use for the store specified by the CAStoreName property. Implemented as ICEnroll::CAStoreType. |
ContainerName | [C++] Access: Read/write [Visual Basic] Access: Read/write | Specifies the name of the key container to use. Implemented as ICEnroll::ContainerName. |
DeleteRequestCert | [C++] Access: Read/write [Visual Basic] Access: Read/write | Controls whether the dummy certificate created to persist the keys generated while the PKCS #10 certificate request is being issued is deleted. Implemented as ICEnroll::DeleteRequestCert. |
EnableT61DNEncoding | [C++] Access: Read/write [Visual Basic] Access: Read/write | Controls whether the certificate's distinguished name is encoded as a T61 string instead of as a UNICODE string. Implemented as ICEnroll2::EnableT61DNEncoding. |
EnableSMIMECapabilities | [C++] Access: Read/write [Visual Basic] Access: Read/write | Controls whether the PKCS #10 will contain a signed attribute for S/MIME capabilities. |
GenKeyFlags | [C++] Access: Read/write [Visual Basic] Access: Read/write | Passed directly to CryptGenKey, specifying characteristics of the key being created. Implemented as ICEnroll::GenKeyFlags. |
HashAlgID | [C++] Access: Read/write [Visual Basic] Access: Read/write | Specifies the preferred hash algorithm for signing the PKCS #10. |
HashAlgorithm | [C++] Access: Read/write [Visual Basic] Access: Read/write | Specifies the preferred hash algorithm for signing the PKCS #10. Implemented as ICEnroll::HashAlgorithm. |
KeySpec | [C++] Access: Read/write [Visual Basic] Access: Read/write | Specifies the key type to be generated. Implemented as ICEnroll::KeySpec. |
LimitExchangeKeyToEncipherment | [C++] Access: Read/write [Visual Basic] Access: Read/write | Controls whether the request will contain key usages for digital signature and non-repudiation (applies to AT_KEYEXCHANGE requests only). |
MyStoreFlags | [C++] Access: Read/write [Visual Basic] Access: Read/write | Passed directly to CertOpenStore, specifying characteristics when opening the MY store. Implemented as ICEnroll::MyStoreFlags. |
MyStoreName | [C++] Access: Read/write [Visual Basic] Access: Read/write | Specifies where certificates with linked private keys are kept. Implemented as ICEnroll::MyStoreName. |
MyStoreType | [C++] Access: Read/write [Visual Basic] Access: Read/write | Specifies the type of store to use for the store specified by the MyStoreName property. Implemented as ICEnroll::MyStoreType. |
ProviderFlags | [C++] Access: Read/write [Visual Basic] Access: Read/write | Use depends on the provider in use. Implemented as ICEnroll::ProviderFlags. |
ProviderName | [C++] Access: Read/write [Visual Basic] Access: Read/write | Specifies the cryptographic service provider (CSP) to use. Implemented as ICEnroll::ProviderName. |
ProviderType | [C++] Access: Read/write [Visual Basic] Access: Read/write | Use depends on the provider in use. Implemented as ICEnroll::ProviderType. |
PVKFileName | [C++] Access: Read/write [Visual Basic] Access: Read/write | Specifies that the private keys be generated as exportable and written to the file specified by the PVKFileName property. Implemented as ICEnroll::PVKFileName. |
RequestStoreFlags | [C++] Access: Read/write [Visual Basic] Access: Read/write | Passed directly to CertOpenStore, specifying characteristics when opening the REQUEST store. Implemented as ICEnroll::RequestStoreFlags. |
RequestStoreName | [C++] Access: Read/write [Visual Basic] Access: Read/write | Specifies the certificate store used to store the dummy certificate to which the private keys have been added, until a certification authority processes the request and responds with a PKCS #7. Implemented as ICEnroll::RequestStoreName. |
RequestStoreType | [C++] Access: Read/write [Visual Basic] Access: Read/write | Specifies the type of store to use for the store specified by the RequestStoreName property. Implemented as ICEnroll::RequestStoreType. |
ReuseHardwareKeyIfUnableToGenNew | [C++] Access: Read/write [Visual Basic] Access: Read/write | For hardware CSPs only (such as smart card), determines if an existing key is reused when it is not possible to create a new key. |
RootStoreFlags | [C++] Access: Read/write [Visual Basic] Access: Read/write | Passed directly to CertOpenStore, specifying characteristics when opening the ROOT store. Implemented as ICEnroll::RootStoreFlags. |
RootStoreName | [C++] Access: Read/write [Visual Basic] Access: Read/write | Specifies where all intrinsically trusted, self-signed ROOT certificates are kept. Implemented as ICEnroll::RootStoreName. |
RootStoreType | [C++] Access: Read/write [Visual Basic] Access: Read/write | Specifies the type of store to use for the store specified by the RootStoreName property. Implemented as ICEnroll::RootStoreName. |
SPCFileName | [C++] Access: Read/write [Visual Basic] Access: Read/write | Specifies a file to which to write the PKCS #7 (in BSTR form) returned from the certification authority. Implemented as ICEnroll::SPCFileName. |
UseExistingKeySet | [C++] Access: Read/write [Visual Basic] Access: Read/write | Specifies that an existing key set be used, instead of generating a new one (the default value is FALSE). Implemented as ICEnroll::UseExistingKeySet. |
WriteCertToCSP | [C++] Access: Read/write [Visual Basic] Access: Read/write | Specifies whether a certificate should be written to the cryptographic service provider. Implemented as ICEnroll::WriteCertToCSP. |
WriteCertToUserDS | [C++] Access: Read/write [Visual Basic] Access: Read/write | Specifies whether a certificate is written to the user's Directory Service. Implemented as ICEnroll2::WriteCertToUserDS. |
Windows NT/2000: Requires Windows 2000.
Header: Declared in Xenroll.h.
Library: Use Uuid.lib.