Platform SDK: Certificate Enrollment Control

ICEnroll::acceptPKCS7 [C++]

CEnroll.acceptPKCS7 [Visual Basic]

The acceptPKCS7 method accepts and processes a PKCS #7 containing a certificate. The PKCS #7 is input as a parameter.

[Visual Basic]
objEnroll.acceptPKCS7( PKCS7 As String )
[C++]
HRESULT acceptPKCS7 (
  BSTR PKCS7 // in
);

Parameters

[Visual Basic] objEnroll
Object expression that resolves to a CEnroll object.
[Visual Basic,C++] PKCS7
Represents the base64-encoded PKCS #7 containing the certificate and the chain of certificates identifying the issuer.

Return Values

[Visual Basic] None.

[C++] The return value is an HRESULT. A value of S_OK indicates success. Upon successful completion of this function, the PKCS7 will be accepted.

Remarks

The PKCS #7 input as a parameter for acceptPKCS7 contains the request certificate and the chain of certificates identifying the issuer of the certificate. Typically, but not always, the chain of certificates does not include the root. The PKCS #7 can be in base64-encoded, binary or X509 certificate format (with or without the begin cert / end cert tags).

The certificate and the associated keys generated for it are put in the MY store. A root certificate is placed in the ROOT store, and the rest of the chain of certificates is placed in the certification authority (CA) store. If any ROOT certificates found in the PKCS #7 are accepted, Crypt32 will notify the user that a ROOT certificate is being added to the user's store. The user has the option of declining the ROOT certificate; this option is provided so that the user can decline to place an untrusted root in the ROOT store. Declining to place the ROOT in the ROOT store will not cause Certificate Enrollment Control to fail acceptance.

By default, the system stores MY, CA, ROOT, and REQUEST are used to store the certificates. However, you can specify other stores by assigning the following properties before calling this method:

Example Code [C++]

HRESULT    hr;

// pEnroll is previously instantiated ICEnroll interface pointer
// bstrPKCS7 is previously created BSTR containing PKCS7
hr = pEnroll->acceptPKCS7( bstrPKCS7 );
if (FAILED(hr))
    // HRESULT is a long; print it as a zero-padded hex value
    printf("Failed acceptPKCS7 - 0x%08lx\n", (unsigned long)hr );
else
    printf("Accepted PKCS7 successfully\n");
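
The Remarks list three input forms: base64 with begin/end tags, base64 without tags, and binary. The following portable pre-check, an added example that is not part of the Platform SDK sample, classifies a CA response before it is passed to acceptPKCS7 so that malformed or truncated input is rejected early. The names InputForm and classifyPkcs7Input are hypothetical, and the code assumes the response bytes are held in a std::string (not a BSTR) and that binary input uses definite-length DER.

```cpp
#include <cctype>
#include <string>
enum class InputForm { Base64WithTags, Base64NoTags, BinaryDer, Unrecognized };
// Drop whitespace so line-wrapped base64 is checked as one run.
static std::string stripWs(const std::string& s) {
    std::string out;
    for (unsigned char c : s) if (!std::isspace(c)) out += static_cast<char>(c);
    return out;
}
// Base64 of DER starts with 'M': the SEQUENCE tag 0x30 has top six bits 001100.
static bool looksLikeBase64Der(const std::string& s) {
    if (s.size() < 4 || s.size() % 4 != 0 || s[0] != 'M') return false;
    size_t pad = 0;
    for (unsigned char c : s) {
        if (c == '=') { ++pad; continue; }
        if (pad || (!std::isalnum(c) && c != '+' && c != '/')) return false;
    }
    return pad <= 2;  // at most two '=' and only at the end
}
// Binary form: one definite-length DER SEQUENCE spanning the whole buffer.
static bool isDerSequence(const std::string& s) {
    if (s.size() < 2 || static_cast<unsigned char>(s[0]) != 0x30) return false;
    size_t len = static_cast<unsigned char>(s[1]), hdr = 2;
    if (len & 0x80) {  // long form: low seven bits give the count of length bytes
        const size_t n = len & 0x7f;
        if (n == 0 || n > 4 || s.size() < 2 + n) return false;
        len = 0;
        for (size_t i = 0; i < n; ++i) len = (len << 8) | static_cast<unsigned char>(s[2 + i]);
        hdr += n;
    }
    return hdr + len == s.size();
}
InputForm classifyPkcs7Input(const std::string& in) {
    const std::string kBegin = "-----BEGIN ", kEnd = "-----END ";
    const size_t b = in.find(kBegin);
    if (b != std::string::npos) {
        const size_t hdrEnd = in.find("-----", b + kBegin.size());
        const size_t e = in.find(kEnd, b);
        if (hdrEnd == std::string::npos || e == std::string::npos || e < hdrEnd + 5)
            return InputForm::Unrecognized;  // missing or misordered tag
        return looksLikeBase64Der(stripWs(in.substr(hdrEnd + 5, e - hdrEnd - 5)))
                   ? InputForm::Base64WithTags : InputForm::Unrecognized;
    }
    if (looksLikeBase64Der(stripWs(in))) return InputForm::Base64NoTags;
    return isDerSequence(in) ? InputForm::BinaryDer : InputForm::Unrecognized;
}
int main() {  // constructed sample: a tagged body that is not a real certificate
    return classifyPkcs7Input("-----BEGIN CERTIFICATE-----\nMIIB\nAAAA\n-----END CERTIFICATE-----\n")
               == InputForm::Base64WithTags ? 0 : 1;
}
```

This check looks only at the outer framing. It does not parse the certificates, so it says nothing about whether the PKCS #7 carries a root that would be offered to the ROOT store.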

Example Code [Visual Basic]

    On Error GoTo Err_Accept
    ' strPKCS7 is a String containing PKCS7
    objEnroll.acceptPKCS7 (strPKCS7)
    MsgBox ("Accepted PKCS7 successfully")

    Exit Sub

Err_Accept:

    MsgBox ("Failed acceptPKCS7")

    End Sub

Requirements

  Windows NT/2000: Requires Windows 2000 (or Windows NT 4.0 with the Windows NT 4.0 Option Pack).
  Header: Declared in Xenroll.h.
  Library: Use Uuid.lib.

See Also

acceptFilePKCS7, CAStoreName, MyStoreName, RootStoreName, RequestStoreName