Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The CEnroll object represents the Certificate Enrollment Control. It is primarily used when programming in Visual Basic or another Automation language.
The CEnroll object exposes the following interfaces:
- Methods
- Properties
Methods
The CEnroll object has these methods.
| Method | Description |
|---|---|
| acceptFilePKCS7 | Accepts and processes a PKCS #7 message containing a certificate, then stores the message to a file. (Inherited from ICEnroll) |
| acceptFileResponse | Accepts delivery of the credentials issued in response to an earlier call to createFileRequest, and it places the credentials in the appropriate store. (Inherited from ICEnroll4) |
| acceptPKCS7 | Accepts and processes a PKCS #7 message containing a certificate. The PKCS #7 is input as a parameter. (Inherited from ICEnroll) |
| AcceptResponse | Accepts delivery of the credentials issued in response to an earlier call to createRequest and places the credentials in the appropriate store. (Inherited from ICEnroll4) |
| addAttributeToRequest | Adds an attribute to the certificate request. (Inherited from ICEnroll4) |
| addCertTypeToRequest | Adds a certificate template to a request (used to support the enterprise certification authority (CA)). (Inherited from ICEnroll2) |
| addCertTypeToRequestEx | Adds a certificate template (or "certificate type") to a request. (Inherited from ICEnroll4) |
| addExtensionToRequest | Adds an extension to the request. (Inherited from ICEnroll4) |
| addNameValuePairToRequest | Adds a name-value string pair to the request. (Inherited from ICEnroll4) |
| addNameValuePairToSignature | Adds the name and value pair of an attribute to the request. It is up to the CA to interpret the meaning of the name-value pair. (Inherited from ICEnroll2) |
| addNameValuePairToSignature | Adds a name-value string pair to the signature. (Inherited from ICEnroll4) |
| binaryToString | Converts a binary data BLOB to a string. (Inherited from ICEnroll4) |
| createFilePFX | Saves the accepted certificate chain and private key in a file in Personal Information Exchange (PFX) format. (Inherited from ICEnroll4) |
| createFilePKCS10 | Creates a base64-encoded PKCS #10 certificate request and saves it in a file. (Inherited from ICEnroll) |
| createFileRequest | Creates a PKCS #10 certificate request, a PKCS #7 request, or a full Certificate Management over CMS (CMC) request and stores it in a file. (Inherited from ICEnroll4) |
| createPFX | Saves the accepted certificate chain and private key in a PFX format string. The PFX format is also known as PKCS #12. (Inherited from ICEnroll4) |
| createPKCS10 | Creates a base64-encoded PKCS #10 certificate request. (Inherited from ICEnroll) |
| createRequest | Creates a PKCS #10, PKCS #7, or full CMC format certificate request and stores it in a string. (Inherited from ICEnroll4) |
| EnumAlgs | Retrieves the IDs of cryptographic algorithms in a given algorithm class that are supported by the current CSP. (Inherited from ICEnroll3) |
| enumContainers | Retrieves the names of the containers for the cryptographic service provider (CSP) specified by the ProviderName property. (Inherited from ICEnroll) |
| enumPendingRequest | Enumerates pending certificate requests and retrieves a specified property from each. (Inherited from ICEnroll4) |
| enumProviders | Retrieves the names of the available CSPs specified by the ProviderType property. (Inherited from ICEnroll) |
| freeRequestInfo | Cleans up the stores if an error occurs. Currently not implemented. (Inherited from ICEnroll) |
| GetAlgName | Retrieves the name of a cryptographic algorithm given its ID. The values retrieved by this method depend on the current CSP. (Inherited from ICEnroll3) |
| getCertFromFileResponse | Retrieves the certificate from a file containing a response from a CA. (Inherited from ICEnroll4) |
| getCertFromPKCS7 | Retrieves the certificate, contained in a PKCS #7 message, that was issued in response to a PKCS #10 certificate request. (Inherited from ICEnroll) |
| getCertFromResponse | Retrieves the certificate from a CA's response. (Inherited from ICEnroll4) |
| GetKeyLen | Retrieves the minimum and maximum key lengths for the signature and exchange keys. (Inherited from ICEnroll3) |
| GetKeyLenEx | Retrieves size information for the signature and exchange keys. (Inherited from ICEnroll4) |
| getProviderType | Retrieves the type of the specified CSP. (Inherited from ICEnroll4) |
| GetSupportedKeySpec | Retrieves information regarding the CSP's support for signature or exchange keys. (Inherited from ICEnroll3) |
| InstallPKCS7 | Processes a certificate or chain of certificates, placing them into the appropriate certificate stores. This method differs from the acceptPKCS7 method in that InstallPKCS7 does not receive a request certificate. (Inherited from ICEnroll3) |
| InstallPKCS7Ex | The same as InstallPKCS7 except that it returns the number of certificates actually installed in local stores. (Inherited from ICEnroll4) |
| removePendingRequest | Removes a pending request from the client's request store. (Inherited from ICEnroll4) |
| Reset | Returns the certificate enrollment control object to its initial state. (Inherited from ICEnroll3) |
| resetAttributes | Removes all attributes from the request. (Inherited from ICEnroll4) |
| resetExtensions | Removes all extensions from the request. (Inherited from ICEnroll4) |
| setPendingRequestInfo | Sets properties for a pending request. (Inherited from ICEnroll4) |
| stringToBinary | Converts an encoded string to a binary data BLOB. (Inherited from ICEnroll4) |
Properties
The CEnroll object has these properties.
| Property | Access type | Description |
|---|---|---|
Read/write |
Sets or retrieves a flag that controls the certificate store when it is opened. (Inherited from ICEnroll) |
|
Read/write |
Sets or retrieves the name of the store where all non-"ROOT" and non-"MY" certificates are kept. (Inherited from ICEnroll) |
|
Read/write |
Sets or retrieves the type of store to use for the store specified by the CAStoreName property. (Inherited from ICEnroll) |
|
Sets or retrieves the client ID request attribute. (Inherited from ICEnroll4) |
||
Read/write |
Sets or retrieves the name of the key container to use. (Inherited from ICEnroll) |
|
Read/write |
Sets or retrieves a Boolean indicator that controls whether dummy certificates in the request store are deleted. (Inherited from ICEnroll) |
|
Read/write |
Sets or retrieves a Boolean value that controls whether the PKCS10 will contain a signed attribute for Secure/Multipurpose Internet Mail Extensions (S/MIME) capabilities. (Inherited from ICEnroll3) |
|
Read/write |
Sets or retrieves a Boolean value that controls whether the distinguished name in the request is encoded as a T61 string instead of as a UNICODE string. (Inherited from ICEnroll2) |
|
Read/write |
Sets or retrieves a flag that controls whether a private key is exportable. (Inherited from ICEnroll) |
|
Read/write |
Sets or retrieves the hash algorithm used when signing a PKCS #10 certificate request. (Inherited from ICEnroll3) |
|
Read/write |
Sets or retrieves only the signature hash algorithm used to sign the PKCS #10. (Inherited from ICEnroll) |
|
Sets or retrieves a Boolean value that controls whether a subject key identifier extension is included in the certificate request. (Inherited from ICEnroll4) |
||
Read/write |
Sets or retrieves the type of key generated. (Inherited from ICEnroll) |
|
Read/write |
Sets or retrieves a Boolean value that controls whether an AT_KEYEXCHANGE request contains digital signature and non-repudiation key usages. (Inherited from ICEnroll3) |
|
Read/write |
Sets the registry location used for the MY store. (Inherited from ICEnroll) |
|
Read/write |
Sets or retrieves the name of the store where certificates with linked private keys are kept. (Inherited from ICEnroll) |
|
Read/write |
Sets or retrieves the type of store specified by the MyStoreName property. (Inherited from ICEnroll) |
|
Read/write |
Sets or retrieves the certificate that is used to archive a private key with a PKCS #7 or CMC request. (Inherited from ICEnroll4) |
|
Read/write |
Sets or retrieves the CSP type. (Inherited from ICEnroll) |
|
Read/write |
Sets or retrieves the name of the CSP to use. (Inherited from ICEnroll) |
|
Read/write |
Sets or retrieves the type of provider. (Inherited from ICEnroll) |
|
Read/write |
Sets or retrieves the name of the file that will contain exported keys. (Inherited from ICEnroll) |
|
Read/write |
Sets or retrieves the registry location used for the REQUEST store. (Inherited from ICEnroll) |
|
Read/write |
Sets or retrieves the name of the store that contains the dummy certificate. This dummy certificate, along with the added private keys, remains in the request store until a certification authority processes the request and responds with a PKCS #7. (Inherited from ICEnroll) |
|
Read/write |
Sets or retrieves the type of store to use for the store specified by the RequestStoreName property. (Inherited from ICEnroll) |
|
Read/write |
Sets or retrieves a Boolean value that determines the action taken by the certificate enrollment control object if an error is encountered when generating a new key. (Inherited from ICEnroll3) |
|
Read/write |
Sets or retrieves the registry location used for the ROOT store. (Inherited from ICEnroll) |
|
Read/write |
Sets or retrieves the name of the root store where all intrinsically trusted self-signed ROOT certificates are kept. (Inherited from ICEnroll) |
|
Read/write |
Sets or retrieves the type of store to use for the store specified by the RootStoreName property. (Inherited from ICEnroll) |
|
Sets the signing certificate. (Inherited from ICEnroll4) |
||
Read/write |
Sets or retrieves the name of the file to write the resulting base64-encoded PKCS #7 (in BSTR form) as returned from the certification authority. (Inherited from ICEnroll) |
|
Read/write |
Sets or retrieves a hash of the certificate data. (Inherited from ICEnroll4) |
|
Read/write |
Sets or retrieves a Boolean value that indicates whether the existing keys should be used. (Inherited from ICEnroll) |
|
Read/write |
Sets or retrieves a Boolean value that indicates whether a certificate should be written to the CSP. (Inherited from ICEnroll) |
|
Read/write |
Sets or retrieves a Boolean value that controls whether the certificate is written to the user's Active Directory store. (Inherited from ICEnroll2) |
Requirements
Minimum supported client |
Windows XP [desktop apps only] |
Minimum supported server |
Windows Server 2003 [desktop apps only] |