Export (0) Print
Expand All
Expand Minimize

IEnroll4::createPKCS10WStr method

[This method is no longer available for use as of Windows Server 2008 and Windows Vista.]

The createPKCS10WStr method creates a base64-encoded PKCS #10 certificate request. This method was first defined in the IEnroll interface.

This base64-encoded PKCS #10 certificate request (in BSTR form) can be submitted to a certification authority to request that a certificate be issued to the person or entity whose information it contains.


  [in]   LPCWSTR DNName,
  [in]   LPCWSTR Usage,
  [out]  PCRYPT_DATA_BLOB *pPkcs10Blob


DNName [in]

A null-terminated Unicode string that contains the distinguished name (DN) of the entity for which the request is being made. In this parameter, the DN name must follow the X.500 naming convention. For example "CN=User, O=Microsoft". If a two-letter prefix does not exist, an object identifier (OID) may be provided instead.

Usage [in]

A null-terminated Unicode string that contains an OID that describes the purpose of the certificate being generated. For example, Individual or Commercial Authenticode certificate, or Client Authentication. You can also specify multiple OIDs separated by a comma.

The OID is passed through to the PKCS #10 request. For general extensibility and ease of understanding, the control does not attempt to understand specific-purpose OIDs. Therefore if you specify a Client Authentication OID, the generated key will still be a signature key, not an exchange key.

pPkcs10Blob [out]

A pointer to a CRYPT_DATA_BLOB that receives the base64-encoded PKCS10 certificate request.

When you have finished using this memory, free it by passing the pbData member of this structure to the CoTaskMemFree function.

Return value

If the method succeeds, the method returns S_OK and pPkcs10Blob contains a base64-encoded PKCS #10 request that can be directly posted to a web server for processing.

If the method fails, it returns an HRESULT value that indicates the error. For a list of common error codes, see Common HRESULT Values.


By default, the Microsoft Base Cryptographic Provider is used, PROV_RSA_FULL is the provider type, a signature key is created, and a unique new key set is created.


Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

End of client support

Windows XP

End of server support

Windows Server 2003








IID_IEnroll4 is defined as f8053fe5-78f4-448f-a0db-41d61b73446b

See also




Community Additions

© 2015 Microsoft