Certificate Request Functions

The CertEnroll.dll library implements five interfaces that can be used to create and manage a certificate request. Of these, the IX509CertificateRequest interface represents an abstract base object that defines method signatures inherited by the following four interfaces.

| Interface | Description |
| --- | --- |
| IX509CertificateRequestCertificate | Enables you to create a certificate directly without applying to a certification authority (CA). |
| IX509CertificateRequestCmc | Represents a Certificate Management over CMS (CMC) certificate request that can contain a nested PKCS #10 request or another CMC request object. |
| IX509CertificateRequestPkcs7 | Represents a PKCS #7 certificate message syntax (CMS) request object that must contain a nested PKCS #10 request. |
| IX509CertificateRequestPkcs10 | Represents a PKCS #10 certificate request. A PKCS #10 request can be sent directly to a CA, or it can be wrapped by a PKCS #7 or CMC request. |

You can use a certificate request object to initialize an IX509Enrollment object to enroll a client in a certificate hierarchy and install the certificate response returned by the CA.

Each of the following sections identifies a function exported by Xenroll.dll to create, enumerate, or delete certificate requests. Each section also discusses how to use CertEnroll.dll to replace the function or indicates that no mapping between the two libraries exists:

createFilePKCS10WStr

The createFilePKCS10WStr function in Xenroll.dll creates a base64-encoded PKCS #10 certificate request and saves it in a file.

The CertEnroll.dll library does not directly implement functionality to write a request to a file. You can, however, retrieve a certificate request by reading the RawData property on the IX509CertificateRequest object and creating a custom function to copy the value to a file.

createFileRequestWStr

The createFileRequestWStr function in Xenroll.dll creates a PKCS #7, PKCS #10, or CMC certificate request and saves it in a file.

The CertEnroll.dll library does not directly implement functionality to write a request to a file. You can, however, retrieve a certificate request by reading the RawData property on the IX509CertificateRequest object and creating a custom function to copy the value to a file.

createPKCS10WStr

The createPKCS10WStr function in Xenroll.dll creates a PKCS #10 certificate request and copies it to a byte array.

You can use an IX509CertificateRequestPkcs10 object to initialize a PKCS #10 request from an existing request, an existing certificate, a private key, a public key, or a template.
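The following PowerShell sketch is an added example, not code from the original page or from Microsoft. It shows one way to replace createFilePKCS10WStr and createFileRequestWStr: build a PKCS #10 request from a new private key, encode it, and copy RawData to a file with a custom function. The function name Save-CertificateRequest, the subject name, the output path, and the choice of the Microsoft Software Key Storage Provider are assumptions made for illustration.

```powershell
# Added example. Save-CertificateRequest, the subject and the path are placeholders.
# Running this creates a real key pair in the current user's key store.

# CertEnroll constants (values from certenroll.h).
$XCN_CRYPT_STRING_BASE64REQUESTHEADER = 0x3   # EncodingType: base64 with request header/footer
$XCN_CERT_NAME_STR_NONE               = 0x0   # X500NameFlags
$ContextUser                          = 0x1   # X509CertificateEnrollmentContext

function Save-CertificateRequest {
    param(
        [Parameter(Mandatory)] $Request,        # any encoded IX509CertificateRequest object
        [Parameter(Mandatory)] [string] $Path
    )
    # RawData is a parameterized COM property; the argument selects the encoding.
    $text = $Request.RawData($XCN_CRYPT_STRING_BASE64REQUESTHEADER)
    Set-Content -LiteralPath $Path -Value $text -Encoding Ascii
}

# 1. Generate the key pair. ExportPolicy is left at its default (not exportable),
#    so the private key stays in the provider and never reaches the request file.
$key = New-Object -ComObject X509Enrollment.CX509PrivateKey
$key.ProviderName   = 'Microsoft Software Key Storage Provider'
$key.Length         = 2048
$key.MachineContext = $false
$key.Create()

# 2. Encode the subject name.
$subject = New-Object -ComObject X509Enrollment.CX500DistinguishedName
$subject.Encode('CN=client01.example.test', $XCN_CERT_NAME_STR_NONE)

# 3. Initialize the PKCS #10 request from the private key (empty string = no template).
$request = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
$request.InitializeFromPrivateKey($ContextUser, $key, '')
$request.Subject = $subject

# 4. Encode (sign) the request, then copy RawData to a file.
$request.Encode()
Save-CertificateRequest -Request $request -Path (Join-Path $env:TEMP 'client01.req')
```

Because Save-CertificateRequest only reads RawData, the same function works for an encoded IX509CertificateRequestPkcs7 or IX509CertificateRequestCmc object.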

CreatePKCS7RequestFromRequest

The CreatePKCS7RequestFromRequest function in Xenroll.dll creates a PKCS #7 certificate request and copies it to a byte array.

You can use an IX509CertificateRequestPkcs7 object to initialize a PKCS #7 request from an existing request, an existing certificate, an inner request object, or a template.

createRequestWStr

The createRequestWStr function in Xenroll.dll creates a PKCS #7, PKCS #10, or CMC certificate request and copies it to a byte array.

To use the CertEnroll.dll library to create PKCS #7, PKCS #10, or CMC requests, you can create and initialize instances of the IX509CertificateRequestPkcs7, IX509CertificateRequestPkcs10, or IX509CertificateRequestCmc objects.

DeleteRequestCert

The DeleteRequestCert function in Xenroll.dll specifies or retrieves a Boolean value that indicates whether a dummy certificate is removed after a certificate response has been installed.

The IX509Enrollment object in CertEnroll.dll automatically creates dummy certificates in the request store to temporarily save various certificate properties that are initialized during the enrollment process. After a certificate is issued by a CA, the properties are copied to the new certificate and the dummy certificate is deleted. The CertEnroll.dll library does not allow you to force a dummy certificate to remain after the certificate response has been installed.

enumPendingRequestWStr

The enumPendingRequestWStr function in Xenroll.dll retrieves a specified property value for a pending request.

The CertEnroll.dll library does not directly implement functionality to remove a pending certificate request.

removePendingRequestWStr

The removePendingRequestWStr function in Xenroll.dll removes a pending request from the request store.

The CertEnroll.dll library does not directly implement functionality to remove a pending certificate request.

Reset

The Reset function in Xenroll.dll returns the Certificate Enrollment Control to an initial state.

You can achieve the same result by using CertEnroll.dll to create a new request object of the required type.

setPendingRequestInfoWStr

The setPendingRequestInfoWStr function in Xenroll.dll specifies properties for the pending request.

The CertEnroll.dll library does not directly implement functionality to remove a pending certificate request. You can read the CAConfigString property on the IX509Enrollment object to retrieve a configuration string, but only for an active enrollment object.
