3.2.4.1.1 CertServerRequest (Opnum 0)

The CertServerRequest method processes a certificate enrollment request from the client.<6>

 DWORD CertServerRequest(
   [in] handle_t h,
   [in] DWORD dwFlags,
   [in, string, unique] const wchar_t* pwszAuthority,
   [in, out, ref] DWORD* pdwRequestId,
   [out] DWORD* pdwDisposition,
   [in, ref] const CERTTRANSBLOB* pctbAttribs,
   [in, ref] const CERTTRANSBLOB* pctbRequest,
   [out, ref] CERTTRANSBLOB* pctbCert,
   [out, ref] CERTTRANSBLOB* pctbEncodedCert,
   [out, ref] CERTTRANSBLOB* pctbDispositionMessage
 );

h: A handle retrieved during the RPC bind operation, as specified in [MS-RPCE] section 2.2.2.

dwFlags: The dwFlags parameter has identical syntax and semantics to the dwFlags parameter specified in [MS-WCCE] section 3.2.1.4.2.1.

pwszAuthority: The pwszAuthority parameter has identical syntax and semantics to the pwszAuthority parameter specified in [MS-WCCE] section 3.2.1.4.2.1.

pdwRequestId: The pdwRequestId parameter has identical syntax and semantics to the pdwRequestId parameter specified in [MS-WCCE] section 3.2.1.4.2.1.

pdwDisposition: The pdwDisposition parameter has identical syntax and semantics to the pdwDisposition parameter specified in [MS-WCCE] section 3.2.1.4.2.1.

pctbAttribs: A pointer to a CERTTRANSBLOB structure, as specified in [MS-WCCE] section 2.2.2.2, where the pb field of this structure points to a null-terminated Unicode string (as specified in [UNICODE4.0]) and the cb field contains the length of the string in bytes, including the terminating null character. If the value of the cb field does not match the length, in bytes, of the string (including the terminating null character), the CA MUST return the E_INVALIDARG error (0x80070057) to the client. Otherwise, the semantics of the string pointed to by the pb field are identical to the pwszAttributes parameter specified in [MS-WCCE] section 3.2.1.4.2.1.

pctbRequest: The pctbRequest parameter has identical syntax and semantics to the pctbRequest parameter, as specified in [MS-WCCE] section 3.2.1.4.2.1.

pctbCert: The pctbCert parameter has identical syntax and semantics to the pctbCertChain parameter, as specified in [MS-WCCE] section 3.2.1.4.2.1.

pctbEncodedCert: The pctbEncodedCert parameter has identical syntax and semantics to the pctbEncodedCert parameter, as specified in [MS-WCCE] section 3.2.1.4.2.1.

pctbDispositionMessage: The pctbDispositionMessage parameter has identical syntax and semantics to the pctbDispositionMessage parameter, as specified in [MS-WCCE] section 3.2.1.4.2.1.

Return Values: The method MUST return ERROR_SUCCESS (0x00000000) on success. This method's return values MUST have identical syntax and semantics to the return values specified in [MS-WCCE] section 3.2.1.4.2.1.

If the ADM element Config.CA.Interface.Flags contains the value IF_NORPCICERTREQUEST, the server SHOULD return an error.<7>

If the ADM element Config.CA.Interface.Flags contains the value IF_ENFORCEENCRYPTICERTREQUEST and the RPC_C_AUTHN_LEVEL_PKT_PRIVACY authentication level ([MS-RPCE] section 2.2.1.1.8) is not specified on the RPC connection from the client, the CA MUST refuse to establish a connection with the client by returning E_ACCESSDENIED (0x80000009).

Otherwise, the processing rules for the ICertRequestD::Request method ([MS-WCCE] section 3.2.2.6.2.1) apply, except that if the ADM element Config.CA.Interface.Flags contains the value IF_NOREMOTEICERTREQUEST, these values are ignored and the request is processed as though the values were absent.
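The following C sketch is an added example, not part of this specification or of any CA implementation. It shows the pctbAttribs length check and the two Config.CA.Interface.Flags checks described above. The names blob_t, attribs_len_ok and precheck_request are hypothetical, the flag values are those defined in the Windows SDK headers, and the order of the checks and the error returned for IF_NORPCICERTREQUEST are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

#define ERROR_SUCCESS  0x00000000u
#define E_INVALIDARG   0x80070057u /* value stated on the page */
#define E_ACCESSDENIED 0x80000009u /* value as printed on the page */
/* Flag and authentication-level values as defined in the Windows SDK headers. */
#define IF_NORPCICERTREQUEST          0x00000008u
#define IF_ENFORCEENCRYPTICERTREQUEST 0x00000200u
#define RPC_C_AUTHN_LEVEL_PKT_PRIVACY 6u

/* Stand-in for CERTTRANSBLOB: byte count followed by the buffer. */
typedef struct { uint32_t cb; const uint8_t *pb; } blob_t;

/* Constructed sample: "T:U" as UTF-16LE plus terminator, 8 bytes. */
static const uint8_t SAMPLE_ATTRIBS[8] = { 'T', 0, ':', 0, 'U', 0, 0, 0 };

/* True only if cb equals the byte length of the UTF-16 string in pb,
 * terminator included. Strict reading (assumption): an empty blob fails. */
static int attribs_len_ok(const blob_t *b)
{
    if (b == NULL || b->pb == NULL || b->cb < 2 || b->cb % 2 != 0)
        return 0;
    for (uint32_t i = 0; i + 1 < b->cb; i += 2)
        if (b->pb[i] == 0 && b->pb[i + 1] == 0)
            return i == b->cb - 2; /* first null must be the last unit */
    return 0; /* no terminator inside the declared cb bytes */
}

/* Hypothetical pre-dispatch gate; the check order is an assumption. */
uint32_t precheck_request(uint32_t if_flags, uint32_t authn_level,
                          const blob_t *attribs)
{
    /* The page names no specific error here; E_ACCESSDENIED is assumed. */
    if (if_flags & IF_NORPCICERTREQUEST)
        return E_ACCESSDENIED;
    if ((if_flags & IF_ENFORCEENCRYPTICERTREQUEST) &&
        authn_level != RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
        return E_ACCESSDENIED;
    if (!attribs_len_ok(attribs))
        return E_INVALIDARG;
    return ERROR_SUCCESS;
}

int main(void)
{
    blob_t ok = { sizeof SAMPLE_ATTRIBS, SAMPLE_ATTRIBS };
    return precheck_request(0, RPC_C_AUTHN_LEVEL_PKT_PRIVACY, &ok) != ERROR_SUCCESS;
}
```

A cb that omits the terminator, is odd, or extends past an embedded null code unit is rejected before any attribute parsing takes place.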