IX509CertificateRequestPkcs10::InitializeFromTemplateName method

Applies to: desktop apps only

The InitializeFromTemplateName method initializes the certificate request by using a template.

Syntax

HRESULT InitializeFromTemplateName(
  [in]  X509CertificateEnrollmentContext Context,
  [in]  BSTR strTemplateName
);

Parameters

Context [in]

An X509CertificateEnrollmentContext enumeration value that specifies whether the requested certificate is intended for an end user, a computer, or administrator acting on behalf of the computer.

strTemplateName [in]

Pointer to a BSTR variable that contains the Common Name (CN) of the template as it appears in Active Directory or the dotted decimal object identifier.

Return value

If the function succeeds, the function returns S_OK.

If the function fails, it returns an HRESULT value that indicates the error. Possible values include, but are not limited to, those in the following table. For a list of common error codes, see Common HRESULT Values.

Return code/value	Description
HRESULT_FROM_WIN32(ERROR_ALREADY_INITIALIZED)	The certificate request object has already been initialized.

 

Remarks

The InitializeFromTemplateName method creates the following collections:

• An ICryptAttributes collection.
• An IX509Extensions collection.
• An IObjectIds collection populated with the default XCN_OID_KEY_USAGE and XCN_OID_BASIC_CONSTRAINTS2 object identifiers.
• An empty IObjectIds collection for attribute and extension OIDs to be suppressed from the new request.

The method then examines the template and performs the following actions:

• Adds the extensions specified by the template to the IX509Extensions collection.
• Removes the default critical extensions (XCN_OID_KEY_USAGE and XCN_OID_BASIC_CONSTRAINTS2) from the collection if the template indicates that they are not critical. The OIDs marked critical by the template are added.
• Sets the SmimeCapabilities property if the template supports symmetric algorithms.
• Sets the AlternateSignatureAlgorithm property if the template requires a discrete signature algorithm OID.
• Creates an IX509SignatureInformation object.
• Creates a hash algorithm OID if the algorithm is specified in the template and sets it on the IX509SignatureInformation object.
• Creates an asymmetric encryption algorithm OID if the algorithm is specified in the template and sets it on the IX509SignatureInformation object.
• Sets the following IX509PrivateKey properties from the template settings:
  • KeySpec
  • KeyUsage
  • Length
  • ExportPolicy
  • KeyProtection
  • SecurityDescriptor
  • Silent
  • MachineContext
  • Algorithm

If the CSPInformations property is NULL, the method creates an ICspInformations collection from the providers installed on the computer.

Requirements

Minimum supported client	Windows Vista
Minimum supported server	Windows Server 2008
Header	CertEnroll.h
DLL	CertEnroll.dll

See also

IX509CertificateRequestPkcs10

 

 

Send comments about this topic to Microsoft

Build date: 2/3/2012

C# example of generating a Base64-encoded PKCS10 request on Windows Vista, and pre Windows Vista

The following C# code is an example of generating a Base64-encoded PKCS10 request on Windows Vista, and pre Windows Vista.

using CERTENROLLLib; // Also Add Reference to CertEnroll.dll COM component.

internal static string CreatePKCS10(string strDN)
{
    if (Environment.OSVersion.Version.Major >= 6)
        return CreatePKCS10_ViaCertEnroll(strDN);
    else  // XP/2003 and earlier
        return CreatePKCS10_ViaXEnroll(strDN);
}

internal static string CreatePKCS10_ViaCertEnroll(string strDN)
{
    // Create a PKCS10 request based on the "User" Template, which implies the following OIDs:
    //      Encrypting File System (1.3.6.1.4.1.311.10.3.4)   // XCN_OID_KP_EFS
    //      Secure Email (1.3.6.1.5.5.7.3.4)  // XCN_OID_PKIX_KP_EMAIL_PROTECTION
    //      Client Authentication (1.3.6.1.5.5.7.3.2) // XCN_OID_PKIX_KP_CLIENT_AUTH

    CX500DistinguishedName cX500DistinguishedName = new CX500DistinguishedName();
    cX500DistinguishedName.Encode(strDN, X500NameFlags.XCN_CERT_NAME_STR_NONE);

    CX509CertificateRequestPkcs10 request = new CX509CertificateRequestPkcs10();
    // Note: X509CertificateEnrollmentContext.ContextMachine requires Administrative access
    request.InitializeFromTemplateName(X509CertificateEnrollmentContext.ContextUser, "User");
    request.Subject = cX500DistinguishedName;

    request.Encode();
    string pkcs10request = request.get_RawData(EncodingType.XCN_CRYPT_STRING_BASE64);
    // System.Runtime.InteropServices.Marshal.ReleaseComObject not called since client application
    // (see http://blogs.msdn.com/cbrumme/archive/2003/04/16/51355.aspx)
    return pkcs10request;
}

internal static string CreatePKCS10_ViaXEnroll(string strDN)
{
    // Create a PKCS10 request for ClientAuthentication only
    string OID_CLIENT_AUTHENTICATION = "1.3.6.1.5.5.7.3.2";
    Type oEnrollType = Type.GetTypeFromProgID("CEnroll.CEnroll.1", true);
    ICEnroll oEnroll = (ICEnroll)Activator.CreateInstance(oEnrollType);
    return oEnroll.createPKCS10(strDN, OID_CLIENT_AUTHENTICATION);
}