nf-certenroll-ix509enrollmenthelper-addpolicyserver.md

UID: NF:certenroll.IX509EnrollmentHelper.AddPolicyServer
title: IX509EnrollmentHelper::AddPolicyServer (certenroll.h)
description: Registers a certificate enrollment policy (CEP) server and saves CEP access credentials in the credential cache.
helpviewer_keywords: AddPolicyServer, AddPolicyServer method [Security], AddPolicyServer method [Security], IX509EnrollmentHelper interface, IX509EnrollmentHelper interface [Security], AddPolicyServer method, IX509EnrollmentHelper.AddPolicyServer, IX509EnrollmentHelper::AddPolicyServer, PsfAllowUnTrustedCA, PsfAutoEnrollmentEnabled, X509AuthAnonymous, X509AuthCertificate, X509AuthKerberos, X509AuthUsername, certenroll/IX509EnrollmentHelper::AddPolicyServer, security.ix509enrollmenthelper_addpolicyserver
old-location: security\ix509enrollmenthelper_addpolicyserver.htm
tech.root: security
ms.assetid: 6b341b5a-88f2-4221-812d-b2997829aa4c
ms.date: 12/05/2018
ms.keywords: AddPolicyServer, AddPolicyServer method [Security], AddPolicyServer method [Security],IX509EnrollmentHelper interface, IX509EnrollmentHelper interface [Security],AddPolicyServer method, IX509EnrollmentHelper.AddPolicyServer, IX509EnrollmentHelper::AddPolicyServer, PsfAllowUnTrustedCA, PsfAutoEnrollmentEnabled, X509AuthAnonymous, X509AuthCertificate, X509AuthKerberos, X509AuthUsername, certenroll/IX509EnrollmentHelper::AddPolicyServer, security.ix509enrollmenthelper_addpolicyserver
req.header: certenroll.h
req.target-type: Windows
req.target-min-winverclnt: Windows 7 [desktop apps only]
req.target-min-winversvr: Windows Server 2008 R2 [desktop apps only]
req.idl: Certenroll.idl
targetos: Windows
ms.custom: 19H1
f1_keywords: IX509EnrollmentHelper::AddPolicyServer, certenroll/IX509EnrollmentHelper::AddPolicyServer
dev_langs: c++
topic_type: APIRef, kbSyntax
api_type: COM
api_location: Certenroll.h
api_name: IX509EnrollmentHelper.AddPolicyServer

IX509EnrollmentHelper::AddPolicyServer

-description

The AddPolicyServer method registers a certificate enrollment policy (CEP) server and saves CEP access credentials in the credential cache. This method is web enabled.

-parameters

-param strEnrollmentPolicyServerURI [in]

A BSTR that contains the certificate enrollment policy server URL.

-param strEnrollmentPolicyID [in]

A BSTR that contains the certificate enrollment policy server ID. The ID can be any string. It is set by the administrator who installs the CEP server.

-param EnrollmentPolicyServerFlags [in]

A PolicyServerUrlFlags enumeration value. For the AddPolicyServer function, you can specify a bitwise OR of the following values.

| Value | Meaning |
|---|---|
| PsfAutoEnrollmentEnabled | Automatic certificate enrollment is enabled. |
| PsfAllowUnTrustedCA | Specifies that the certificate of the issuing CA need not be trusted by the client to install a certificate signed by the CA. |

-param authFlags [in]

An X509EnrollmentAuthFlags enumeration value that specifies the client authentication type. This can be one of the following values.

| Value | Meaning |
|---|---|
| X509AuthAnonymous | Anonymous authentication. Set the strCredential and strPassword parameters to NULL. |
| X509AuthKerberos | Kerberos authentication. Set the strCredential and strPassword parameters to NULL. |
| X509AuthUsername | Clear text user name and password authentication. Set the strCredential and strPassword parameters to the user name and associated password. These strings are encrypted before transmission and are stored securely in the credential vault on the CEP server. |
| X509AuthCertificate | Client authentication certificate installed on the local computer and used by the server to verify the identity of the client. Set the strPassword parameter to NULL and set the certificate thumbprint, a 20-byte SHA1 hash of the certificate, in the strCredential parameter. |

-param strCredential [in]

A BSTR that contains the credential.

-param strPassword [in]

A BSTR that contains a clear text password.

-returns

If the function succeeds, the function returns S_OK.

If the function fails, it returns an HRESULT value that indicates the error. Possible values include, but are not limited to, those in the following table. For a list of common error codes, see Common HRESULT Values.

| Return code | Description |
|---|---|
| E_INVALIDARG | The strEnrollmentPolicyServerURI, strCredential, or strPassword parameters cannot be NULL or empty. |
| HRESULT_FROM_WIN32(ERROR_ARITHMETIC_OVERFLOW) | The strPassword, strCredential, or strEnrollmentPolicyServerURI parameters exceed 64,000 characters or contain embedded null characters. |

-remarks

The strCredential and strPassword arguments change depending on the value specified in the authFlags argument as shown in the following table.

| authFlags value | strCredential parameter | strPassword parameter |
|---|---|---|
| X509AuthAnonymous | NULL | NULL |
| X509AuthKerberos | NULL | NULL |
| X509AuthUsername | Clear text user name recognized by the CEP server. | Clear text password associated with the user name. |
| X509AuthCertificate | Contains a 20-byte SHA-1 hash (thumbprint) of the certificate. | NULL |
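
A pre-flight check for the argument rules in the tables above, as an added example that is not code from the original page or from Microsoft. It uses local stand-in enums rather than the certenroll.h constants, models a NULL BSTR as `nullptr`, and assumes the thumbprint is passed as 40 hex digits; it follows the remarks table, so NULL credentials are accepted for anonymous and Kerberos authentication.

```cpp
#include <cstddef>
#include <cstdio>
#include <cwctype>
#include <string>

// Local stand-ins named after the page's auth types; NOT the certenroll.h constants.
enum class Auth { Anonymous, Kerberos, Username, Certificate };
enum class Check { Ok, InvalidArg, TooLongOrEmbeddedNull, BadThumbprint };

static const std::size_t kMaxChars = 64000;  // limit stated in the return-code table
// nullptr models a NULL BSTR; std::wstring, like a BSTR, can carry embedded nulls.
static bool present(const std::wstring* s) { return s && !s->empty(); }
static bool oversizedOrNul(const std::wstring* s) {
    return s && (s->size() > kMaxChars || s->find(L'\0') != std::wstring::npos);
}
// Assumption: the 20-byte SHA-1 thumbprint is passed as 40 hex digits.
static bool isSha1Hex(const std::wstring& s) {
    if (s.size() != 40) return false;
    for (wchar_t c : s) if (!std::iswxdigit(c)) return false;
    return true;
}

// Applies the remarks table: which of strCredential/strPassword must be NULL or set.
Check checkAddPolicyServerArgs(const std::wstring* uri, Auth auth,
                               const std::wstring* cred, const std::wstring* pwd) {
    if (!present(uri)) return Check::InvalidArg;
    if (oversizedOrNul(uri) || oversizedOrNul(cred) || oversizedOrNul(pwd))
        return Check::TooLongOrEmbeddedNull;
    switch (auth) {
    case Auth::Anonymous:
    case Auth::Kerberos:
        return (cred || pwd) ? Check::InvalidArg : Check::Ok;
    case Auth::Username:
        return (present(cred) && present(pwd)) ? Check::Ok : Check::InvalidArg;
    case Auth::Certificate:
        if (pwd || !present(cred)) return Check::InvalidArg;
        return isSha1Hex(*cred) ? Check::Ok : Check::BadThumbprint;
    }
    return Check::InvalidArg;
}

int main() {
    std::wstring uri = L"https://cep.example.test/policy";  // constructed URL
    std::wstring thumb(40, L'a');                           // constructed thumbprint
    Check c = checkAddPolicyServerArgs(&uri, Auth::Certificate, &thumb, nullptr);
    std::printf("certificate auth check: %d\n", static_cast<int>(c));
    return c == Check::Ok ? 0 : 1;
}
```

Running a check like this before the COM call catches a password passed alongside Kerberos or certificate authentication, which would otherwise put a clear-text secret into a call that does not need it.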

-see-also

IX509EnrollmentHelper