The ICertExit interface provides communications between the Certificate Services server and an exit module.
The Certificate Services server calls the ICertExit methods to perform the following tasks:
- Initialize the Certificate Services server.
- Notify the exit module of an event such as certificate issuance, certificate revocation list (CRL) issuance, or server shutdown, has occurred.
- Retrieve a description of the exit module.
ICertExit is defined in Certexit.h. When you create your program, however, use Certsrv.h as the include file.
Certificate Services interfaces support both apartment-threading and free-threading models. For better throughput, free threading is recommended.
The ICertExit interface is extended by the ICertExit2 interface. All the methods defined by ICertExit are inherited by ICertExit2 and are documented under the newer interface.
The ICertExit interface inherits from the IDispatch interface. ICertExit also has these types of members:
The ICertExit interface has these methods.
Returns a description of the exit module and its function.(Inherited from ICertExitICertExit2 CCertExit2)
Called by the server engine when it initializes itself.(Inherited from ICertExitICertExit2 CCertExit2)
Called by the server engine to notify an exit module that an event has occurred.(Inherited from ICertExitICertExit2 CCertExit2)
Implementers of ICertExit should also implement ICertManageModule. Additionally, the ProgID for a class implementing ICertExit must conform to a naming convention. Specifically, the ProgID must be of the form:
Where MyApp is a specifier that identifies the application. For example, in C++, the following code could be used in the DECLARE_REGISTRY macro of a class (CMyCertExitModule) which implements ICertExit.
DECLARE_REGISTRY( CMyCertExitModule, L"MyCode.Exit.1", L"MyCode.Exit", IDS_CERTEXITMODULE_DESC, THREADFLAGS_BOTH)
For the previous sample, the IDS_CERTEXITMODULE_DESC value is an application-specific identifier in the resource file (.rc) for a string that describes the class.
String constants defined in Certmod.h can be used to simplify following the naming convention.
No more than one Visual Basic Scripting Edition exit module may be registered on the Certificate Services server at one time. If more than one Visual Basic Scripting Edition exit module is registered, the Certification Authority MMC snap-in, Certificate Services application, or certutil command line program may produce errors. Note that the Visual Basic Scripting Edition development environment automatically registers a DLL when it is successfully built. As a result, you may encounter this situation when one Visual Basic Scripting Edition exit module is already registered and another Visual Basic Scripting Edition exit module is created. To avoid this situation, you must unregister one of the Visual Basic Scripting Edition exit modules, by means of the command-line instruction regsvr32 /u FileName.dll, where FileName.dll is the name of the Visual Basic Scripting Edition exit module that is not intended to be made active.
Implementers of ICertExit in Visual Basic Scripting Edition must name their project in the form:
Where MyApp is a specifier that identifies the application; further, the class implementing ICertExit must be named "Exit".
Minimum supported client
Minimum supported server
|Windows Server 2003 [desktop apps only]|
IID_ICertExit is defined as e19ae1a0-7364-11d0-8816-00a0c903b83c