ICertAdmin2::GetRevocationReason method

The GetRevocationReason method returns the reason a certificate was revoked. This method was first defined in the ICertAdmin interface.

Before you call this method, you must call the IsValidCertificate method. For more information, see Remarks.

Syntax


HRESULT GetRevocationReason(
  [out] LONG *pReason
);

Parameters

pReason [out]

A pointer to a variable that will receive the revocation reason.

Return value

C++

If the method succeeds, the method returns S_OK, and the pReason parameter is set to one of the values listed in the following table.

If the method fails, it returns an HRESULT value that indicates the error. For a list of common error codes, see Common HRESULT Values.

VB

Returns a value that specifies the reason the certificate was revoked. The value can be one of the following revocation reason codes (defined in Wincrypt.h).

Return code: Description

CRL_REASON_UNSPECIFIED: No reason was specified for revocation.

CRL_REASON_KEY_COMPROMISE: It is known or suspected that the subject's private key or other aspects of the subject validated in the certificate are compromised.

CRL_REASON_CA_COMPROMISE: It is known or suspected that the CA's private key or other aspects of the CA validated in the certificate are compromised.

CRL_REASON_AFFILIATION_CHANGED: The subject's name or other information in the certificate has been modified but there is no cause to suspect that the private key has been compromised.

CRL_REASON_SUPERSEDED: The certificate has been superseded, but there is no cause to suspect that the private key has been compromised.

CRL_REASON_CESSATION_OF_OPERATION: The certificate is no longer needed for the purpose for which it was issued, but there is no cause to suspect that the private key has been compromised.

CRL_REASON_CERTIFICATE_HOLD: The certificate has been placed on hold.

Remarks

Before you call GetRevocationReason, call the IsValidCertificate method to retrieve the disposition of the certificate. To call GetRevocationReason, you must receive a certificate disposition CA_DISP_REVOKED from this earlier call, indicating that the certificate has been revoked. The call to IsValidCertificate establishes the identity of the certificate whose revocation reason you want to retrieve.

Administration tasks use DCOM. Code that calls this interface method as defined in an earlier version of Certadm.h will run on Windows-based servers as long as the client and the server are both running the same Windows operating system.

Examples


// The value for nDisp was set by 
// a call to ICertAdmin2::IsValidCertificate.
if (CA_DISP_REVOKED == nDisp)
{
    // Variable to contain revocation reason.
    long       nReason;

    // Retrieve the revocation reason.
    hr = pCertAdmin->GetRevocationReason(&nReason);
    if (FAILED(hr))
    {
        printf("Failed GetRevocationReason [%lx]\n", hr);
        goto error;
    }
    else
        printf("Revocation reason = %ld\n", nReason );
}
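
The following is an added example, not part of the original page or of Microsoft's sample code. It carries out the full sequence from Remarks (IsValidCertificate, then GetRevocationReason only on CA_DISP_REVOKED) and sorts each reason code by what the table above says about the private key. Classify, QueryRevocation, KeyRisk and Finding are hypothetical names; the non-Windows stand-in constants and the config string format are assumptions stated in the comments.

```cpp
// Added example. Classify, QueryRevocation, KeyRisk and Finding are hypothetical names.
#include <string>
#ifdef _WIN32
#include <windows.h>
#include <certsrv.h>   // Certadm.h is included via Certsrv.h (see Requirements)
#else
// Stand-ins so the triage logic builds off Windows. Values are assumed to match
// Certadm.h (CA_DISP_REVOKED) and Wincrypt.h (CRL_REASON_*).
enum { CA_DISP_REVOKED = 2 };
enum { CRL_REASON_UNSPECIFIED, CRL_REASON_KEY_COMPROMISE, CRL_REASON_CA_COMPROMISE,
       CRL_REASON_AFFILIATION_CHANGED, CRL_REASON_SUPERSEDED,
       CRL_REASON_CESSATION_OF_OPERATION, CRL_REASON_CERTIFICATE_HOLD };
#endif

enum class KeyRisk { Suspected, NotSuspected, Unstated };
struct Finding { bool revoked; std::string reason; KeyRisk risk; };

// Maps a disposition/reason pair to the key-compromise statement made in the
// reason-code table. The reason is ignored unless disposition is CA_DISP_REVOKED.
Finding Classify(long disposition, long reason) {
    if (disposition != CA_DISP_REVOKED) return {false, "", KeyRisk::Unstated};
    switch (reason) {
    case CRL_REASON_KEY_COMPROMISE: return {true, "KEY_COMPROMISE", KeyRisk::Suspected};
    case CRL_REASON_CA_COMPROMISE: return {true, "CA_COMPROMISE", KeyRisk::Suspected};
    case CRL_REASON_AFFILIATION_CHANGED: return {true, "AFFILIATION_CHANGED", KeyRisk::NotSuspected};
    case CRL_REASON_SUPERSEDED: return {true, "SUPERSEDED", KeyRisk::NotSuspected};
    case CRL_REASON_CESSATION_OF_OPERATION: return {true, "CESSATION_OF_OPERATION", KeyRisk::NotSuspected};
    case CRL_REASON_UNSPECIFIED: return {true, "UNSPECIFIED", KeyRisk::Unstated};
    case CRL_REASON_CERTIFICATE_HOLD: return {true, "CERTIFICATE_HOLD", KeyRisk::Unstated};
    default: return {true, "UNRECOGNIZED", KeyRisk::Unstated};
    }
}

#ifdef _WIN32
// Caller must have initialized COM. Assumed inputs: config is "host\\CAName",
// serial is the certificate serial number as hexadecimal text.
HRESULT QueryRevocation(BSTR config, BSTR serial, Finding *out) {
    ICertAdmin2 *admin = nullptr;
    HRESULT hr = CoCreateInstance(CLSID_CCertAdmin, nullptr, CLSCTX_INPROC_SERVER,
                                  IID_ICertAdmin2, reinterpret_cast<void **>(&admin));
    if (FAILED(hr)) return hr;
    LONG disposition = 0, reason = 0;
    hr = admin->IsValidCertificate(config, serial, &disposition);  // selects the certificate
    if (SUCCEEDED(hr) && disposition == CA_DISP_REVOKED)
        hr = admin->GetRevocationReason(&reason);                   // only valid when revoked
    if (SUCCEEDED(hr)) *out = Classify(disposition, reason);
    admin->Release();
    return hr;
}
#endif
```

Findings with KeyRisk::Unstated (unspecified reason, certificate hold, or an unrecognized code) say nothing about the key either way, so they are reported separately from the reasons the table marks as "no cause to suspect".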

Requirements

Minimum supported client

None supported

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Certadm.h (include Certsrv.h)

Library

Certidl.lib

DLL

Certadm.dll

IID

IID_ICertAdmin2 is defined as f7c3ac41-b8ce-4fb4-aa58-3d1dc0e36b39

See also

CCertAdmin
ICertAdmin
ICertAdmin2
IsValidCertificate