
CertCreateSelfSignCertificate function

The CertCreateSelfSignCertificate function builds a self-signed certificate and returns a pointer to a CERT_CONTEXT structure that represents the certificate.

Syntax


PCCERT_CONTEXT WINAPI CertCreateSelfSignCertificate(
  _In_opt_  HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey,
  _In_      PCERT_NAME_BLOB pSubjectIssuerBlob,
  _In_      DWORD dwFlags,
  _In_opt_  PCRYPT_KEY_PROV_INFO pKeyProvInfo,
  _In_opt_  PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
  _In_opt_  PSYSTEMTIME pStartTime,
  _In_opt_  PSYSTEMTIME pEndTime,
            PCERT_EXTENSIONS pExtensions
);

Parameters

hCryptProvOrNCryptKey [in, optional]

A handle of a cryptographic provider used to sign the certificate created. If NULL, information from the pKeyProvInfo parameter is used to acquire the needed handle. If pKeyProvInfo is also NULL, the function uses the default provider type (PROV_RSA_FULL), the default key specification (AT_SIGNATURE), and a newly created key container with a unique container name.

This handle must be an HCRYPTPROV handle that has been created by using the CryptAcquireContext function or an NCRYPT_KEY_HANDLE handle that has been created by using the NCryptOpenKey function. New applications should always pass in the NCRYPT_KEY_HANDLE handle of a CNG cryptographic service provider (CSP).

pSubjectIssuerBlob [in]

A pointer to a BLOB that contains the distinguished name (DN) for the certificate subject. This parameter cannot be NULL. Minimally, a pointer to an empty DN must be provided. This BLOB is normally created by using the CertStrToName function. It can also be created by using the CryptEncodeObject function and specifying either the X509_NAME or X509_UNICODE_NAME StructType.

dwFlags [in]

A set of flags that override the default behavior of this function. This can be zero or a combination of one or more of the following values.

Value and meaning:

CERT_CREATE_SELFSIGN_NO_KEY_INFO (2)

By default, the returned PCCERT_CONTEXT references the private keys by setting the CERT_KEY_PROV_INFO_PROP_ID. If you do not want the returned PCCERT_CONTEXT to reference private keys by setting the CERT_KEY_PROV_INFO_PROP_ID, specify CERT_CREATE_SELFSIGN_NO_KEY_INFO.

CERT_CREATE_SELFSIGN_NO_SIGN (1)

By default, the certificate being created is signed. If the certificate being created is only a dummy placeholder, the certificate might not need to be signed. Signing of the certificate is skipped if CERT_CREATE_SELFSIGN_NO_SIGN is specified.

pKeyProvInfo [in, optional]

A pointer to a CRYPT_KEY_PROV_INFO structure. Before a certificate is created, the CSP is queried for the key provider, key provider type, and the key container name. If the CSP queried does not support these queries, the function fails. If the default provider does not support these queries, a pKeyProvInfo value must be specified. The RSA BASE provider does support these queries.

If the pKeyProvInfo parameter is not NULL, the corresponding values are set in the CERT_KEY_PROV_INFO_PROP_ID value of the generated certificate. You must ensure that all parameters of the supplied structure are correctly specified.

pSignatureAlgorithm [in, optional]

A pointer to a CRYPT_ALGORITHM_IDENTIFIER structure. If NULL, the default algorithm, SHA1RSA, is used.

pStartTime [in, optional]

A pointer to a SYSTEMTIME structure. If NULL, the system current time is used by default.

pEndTime [in, optional]

A pointer to a SYSTEMTIME structure. If NULL, the pStartTime value plus one year will be used by default.

pExtensions [optional]

A pointer to a CERT_EXTENSIONS array of CERT_EXTENSION structures. By default, the array is empty. An alternate subject name, if desired, can be specified as one of these extensions.

Return value

If the function succeeds, a PCCERT_CONTEXT variable that points to the created certificate is returned. If the function fails, it returns NULL. For extended error information, call GetLastError.

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Wincrypt.h

Library

Crypt32.lib

DLL

Crypt32.dll

See also

CERT_EXTENSION
CERT_EXTENSIONS
CertStrToName
CRYPT_ALGORITHM_IDENTIFIER
CryptEncodeObject
GetLastError
PCCERT_CONTEXT
SYSTEMTIME

© 2014 Microsoft