CEnroll object
The CEnroll object represents the Certificate Enrollment Control. It is primarily used when programming in Visual Basic or another Automation language.
The CEnroll object exposes the following interfaces:
Methods
The CEnroll object has these methods.
| Method | Description |
|---|---|
| acceptFilePKCS7 |
Accepts and processes a PKCS #7 message containing a certificate, then stores the message to a file. (Inherited from ICEnroll) |
| acceptFileResponse |
Accepts delivery of the credentials issued in response to an earlier call to createFileRequest, and it places the credentials in the appropriate store. (Inherited from ICEnroll4) |
| acceptPKCS7 |
Accepts and processes a PKCS #7 message containing a certificate. The PKCS #7 is input as a parameter. (Inherited from ICEnroll) |
| AcceptResponse |
Accepts delivery of the credentials issued in response to an earlier call to createRequest and places the credentials in the appropriate store. (Inherited from ICEnroll4) |
| addAttributeToRequest |
Adds an attribute to the certificate request. (Inherited from ICEnroll4) |
| addCertTypeToRequest |
Adds a certificate template to a request (used to support the enterprise certification authority (CA)). (Inherited from ICEnroll2) |
| addCertTypeToRequestEx |
Adds a certificate template (or "certificate type") to a request. (Inherited from ICEnroll4) |
| addExtensionToRequest |
Adds an extension to the request. (Inherited from ICEnroll4) |
| addNameValuePairToRequest |
Adds a name-value string pair to the request. (Inherited from ICEnroll4) |
| addNameValuePairToSignature |
Adds the name and value pair of an attribute to the request. It is up to the CA to interpret the meaning of the name-value pair. (Inherited from ICEnroll2) |
| addNameValuePairToSignature |
Adds a name-value string pair to the signature. (Inherited from ICEnroll4) |
| binaryToString |
Converts a binary data BLOB to a string. (Inherited from ICEnroll4) |
| createFilePFX |
Saves the accepted certificate chain and private key in a file in Personal Information Exchange (PFX) format. (Inherited from ICEnroll4) |
| createFilePKCS10 |
Creates a base64-encoded PKCS #10 certificate request and saves it in a file. (Inherited from ICEnroll) |
| createFileRequest |
Creates a PKCS #10 certificate request, a PKCS #7 request, or a full Certificate Management over CMS (CMC) request and stores it in a file. (Inherited from ICEnroll4) |
| createPFX |
Saves the accepted certificate chain and private key in a PFX format string. The PFX format is also known as PKCS #12. (Inherited from ICEnroll4) |
| createPKCS10 |
Creates a base64-encoded PKCS #10 certificate request. (Inherited from ICEnroll) |
| createRequest |
Creates a PKCS #10, PKCS #7, or full CMC format certificate request and stores it in a string. (Inherited from ICEnroll4) |
| EnumAlgs |
Retrieves the IDs of cryptographic algorithms in a given algorithm class that are supported by the current CSP. (Inherited from ICEnroll3) |
| enumContainers |
Retrieves the names of the containers for the cryptographic service provider (CSP) specified by the ProviderName property. (Inherited from ICEnroll) |
| enumPendingRequest |
Enumerates pending certificate requests and retrieves a specified property from each. (Inherited from ICEnroll4) |
| enumProviders |
Retrieves the names of the available CSPs specified by the ProviderType property. (Inherited from ICEnroll) |
| freeRequestInfo |
Cleans up the stores if an error occurs. Currently not implemented. (Inherited from ICEnroll) |
| GetAlgName |
Retrieves the name of a cryptographic algorithm given its ID. The values retrieved by this method depend on the current CSP. (Inherited from ICEnroll3) |
| getCertFromFileResponse |
Retrieves the certificate from a file containing a response from a CA. (Inherited from ICEnroll4) |
| getCertFromPKCS7 |
Retrieves the certificate, contained in a PKCS #7 message, that was issued in response to a PKCS #10 certificate request. (Inherited from ICEnroll) |
| getCertFromResponse |
Retrieves the certificate from a CA's response. (Inherited from ICEnroll4) |
| GetKeyLen |
Retrieves the minimum and maximum key lengths for the signature and exchange keys. (Inherited from ICEnroll3) |
| GetKeyLenEx |
Retrieves size information for the signature and exchange keys. (Inherited from ICEnroll4) |
| getProviderType |
Retrieves the type of the specified CSP. (Inherited from ICEnroll4) |
| GetSupportedKeySpec |
Retrieves information regarding the CSP's support for signature or exchange keys. (Inherited from ICEnroll3) |
| InstallPKCS7 |
Processes a certificate or chain of certificates, placing them into the appropriate certificate stores. This method differs from the acceptPKCS7 method in that InstallPKCS7 does not receive a request certificate. (Inherited from ICEnroll3) |
| InstallPKCS7Ex |
The same as InstallPKCS7 except that it returns the number of certificates actually installed in local stores. (Inherited from ICEnroll4) |
| removePendingRequest |
Removes a pending request from the client's request store. (Inherited from ICEnroll4) |
| Reset |
Returns the certificate enrollment control object to its initial state. (Inherited from ICEnroll3) |
| resetAttributes |
Removes all attributes from the request. (Inherited from ICEnroll4) |
| resetExtensions |
Removes all extensions from the request. (Inherited from ICEnroll4) |
| setPendingRequestInfo |
Sets properties for a pending request. (Inherited from ICEnroll4) |
| stringToBinary |
Converts an encoded string to a binary data BLOB. (Inherited from ICEnroll4) |
Properties
The CEnroll object has these properties.
| Property | Access type | Description |
|---|---|---|
| Read/write |
Sets or retrieves a flag that controls the certificate store when it is opened. (Inherited from ICEnroll) | |
| Read/write |
Sets or retrieves the name of the store where all non-"ROOT" and non-"MY" certificates are kept. (Inherited from ICEnroll) | |
| Read/write |
Sets or retrieves the type of store to use for the store specified by the CAStoreName property. (Inherited from ICEnroll) | |
|
Sets or retrieves the client ID request attribute. (Inherited from ICEnroll4) | ||
| Read/write |
Sets or retrieves the name of the key container to use. (Inherited from ICEnroll) | |
| Read/write |
Sets or retrieves a Boolean indicator that controls whether dummy certificates in the request store are deleted. (Inherited from ICEnroll) | |
| Read/write |
Sets or retrieves a Boolean value that controls whether the PKCS10 will contain a signed attribute for Secure/Multipurpose Internet Mail Extensions (S/MIME) capabilities. (Inherited from ICEnroll3) | |
| Read/write |
Sets or retrieves a Boolean value that controls whether the distinguished name in the request is encoded as a T61 string instead of as a UNICODE string. (Inherited from ICEnroll2) | |
| Read/write |
Sets or retrieves a flag that controls whether a private key is exportable. (Inherited from ICEnroll) | |
| Read/write |
Sets or retrieves the hash algorithm used when signing a PKCS #10 certificate request. (Inherited from ICEnroll3) | |
| Read/write |
Sets or retrieves only the signature hash algorithm used to sign the PKCS #10. (Inherited from ICEnroll) | |
|
Sets or retrieves a Boolean value that controls whether a subject key identifier extension is included in the certificate request. (Inherited from ICEnroll4) | ||
| Read/write |
Sets or retrieves the type of key generated. (Inherited from ICEnroll) | |
| Read/write |
Sets or retrieves a Boolean value that controls whether an AT_KEYEXCHANGE request contains digital signature and non-repudiation key usages. (Inherited from ICEnroll3) | |
| Read/write |
Sets the registry location used for the MY store. (Inherited from ICEnroll) | |
| Read/write |
Sets or retrieves the name of the store where certificates with linked private keys are kept. (Inherited from ICEnroll) | |
| Read/write |
Sets or retrieves the type of store specified by the MyStoreName property. (Inherited from ICEnroll) | |
| Read/write |
Sets or retrieves the certificate that is used to archive a private key with a PKCS #7 or CMC request. (Inherited from ICEnroll4) | |
| Read/write |
Sets or retrieves the CSP type. (Inherited from ICEnroll) | |
| Read/write |
Sets or retrieves the name of the CSP to use. (Inherited from ICEnroll) | |
| Read/write |
Sets or retrieves the type of provider. (Inherited from ICEnroll) | |
| Read/write |
Sets or retrieves the name of the file that will contain exported keys. (Inherited from ICEnroll) | |
| Read/write |
Sets or retrieves the registry location used for the REQUEST store. (Inherited from ICEnroll) | |
| Read/write |
Sets or retrieves the name of the store that contains the dummy certificate. This dummy certificate, along with the added private keys, remains in the request store until a certification authority processes the request and responds with a PKCS #7. (Inherited from ICEnroll) | |
| Read/write |
Sets or retrieves the type of store to use for the store specified by the RequestStoreName property. (Inherited from ICEnroll) | |
| Read/write |
Sets or retrieves a Boolean value that determines the action taken by the certificate enrollment control object if an error is encountered when generating a new key. (Inherited from ICEnroll3) | |
| Read/write |
Sets or retrieves the registry location used for the ROOT store. (Inherited from ICEnroll) | |
| Read/write |
Sets or retrieves the name of the root store where all intrinsically trusted self-signed ROOT certificates are kept. (Inherited from ICEnroll) | |
| Read/write |
Sets or retrieves the type of store to use for the store specified by the RootStoreName property. (Inherited from ICEnroll) | |
|
Sets the signing certificate. (Inherited from ICEnroll4) | ||
| Read/write |
Sets or retrieves the name of the file to write the resulting base64-encoded PKCS #7 (in BSTR form) as returned from the certification authority. (Inherited from ICEnroll) | |
| Read/write |
Sets or retrieves a hash of the certificate data. (Inherited from ICEnroll4) | |
| Read/write |
Sets or retrieves a Boolean value that indicates whether the existing keys should be used. (Inherited from ICEnroll) | |
| Read/write |
Sets or retrieves a Boolean value that indicates whether a certificate should be written to the CSP. (Inherited from ICEnroll) | |
| Read/write |
Sets or retrieves a Boolean value that controls whether the certificate is written to the user's Active Directory store. (Inherited from ICEnroll2) |
Requirements
|
Minimum supported client | Windows XP [desktop apps only] |
|---|---|
|
Minimum supported server | Windows Server 2003 [desktop apps only] |
Send comments about this topic to Microsoft
Build date: 10/26/2012
