CertCreateContext function

The CertCreateContext function creates the specified context from the encoded bytes. The context created does not include any extended properties.


const void* WINAPI CertCreateContext(
  _In_           DWORD                     dwContextType,
  _In_           DWORD                     dwEncodingType,
  _In_     const BYTE                      *pbEncoded,
  _In_           DWORD                     cbEncoded,
  _In_           DWORD                     dwFlags,
  _In_opt_       PCERT_CREATE_CONTEXT_PARA pCreatePara


dwContextType [in]

Specifies the contexts that can be created. For example, to create a certificate context, set dwContextType to CERT_STORE_CERTIFICATE_CONTEXT.

Currently defined context type flags are shown in the following table.


Certificate context.


CRL context.


CTL context.


dwEncodingType [in]

Specifies the encoding type used. Currently, only X509_ASN_ENCODING and PKCS_7_ASN_ENCODING are being used; however, additional encoding types may be added in the future. For either current encoding type, use: X509_ASN_ENCODING | PKCS_7_ASN_ENCODING.

pbEncoded [in]

A pointer to a buffer that contains the existing encoded context content to be copied.

cbEncoded [in]

The size, in bytes, of the pbEncoded buffer.

dwFlags [in]

The following flag values are defined and can be combined by using a bitwise-OR operation.


The created context points directly to the content pointed to by pbEncoded instead of an allocated copy.


The function creates a context with sorted entries. Currently, this flag only applies to a CTL context.

For CTLs, the cCTLEntry member of the returned CTL_INFO structure is always zero. CertFindSubjectInSortedCTL and CertEnumSubjectInSortedCTL must be called to find or enumerate the CTL entries.


By default, when a CTL context is created, a HCRYTPMSG handle to its SignedData message is created. This flag can be set to improve performance by not creating this handle. This flag can only be used when dwContextType is CERT_STORE_CTL_CONTEXT.


By default, when a CTL context is created, its entries are decoded. When this flag is set, the entries are not decoded and performance is improved. This flag can only be used when dwContextType is CERT_STORE_CTL_CONTEXT.


pCreatePara [in, optional]

A pointer to a CERT_CREATE_CONTEXT_PARA structure.

If pCreatePara and its pfnFree member are both non-NULL, the pfnFree member is used to free the memory specified by the pvFree member. If the pvFree member is NULL, the pfnFree member is used to free the pbEncoded pointer.

If pCreatePara or its pfnFree member is NULL, no attempt is made to free pbEncoded.

Return value

If the function succeeds, the return value is a pointer to the newly created context. The pvFree member of pCreatePara must be called to free the created context.

If the function fails, the return value is NULL. For extended error information, call GetLastError.

If GetLastError returns ERROR_CANCELLED, this means that the PFN_CERT_CREATE_CONTEXT_SORT_FUNC callback function returned FALSE to stop the sort.


Minimum supported client

Windows XP [desktop apps | UWP apps]

Minimum supported server

Windows Server 2003 [desktop apps | UWP apps]







See also

Certificate and Certificate Store Maintenance Functions