Skip to content

Latest commit

 

History

History
107 lines (66 loc) · 3.14 KB

iscrdenr-setsigningcertificate.md

File metadata and controls

107 lines (66 loc) · 3.14 KB
Raw
description ms.assetid title ms.topic ms.date topic_type api_name api_type api_location
Specifies a signing certificate (also known as the enrollment agent certificate).
db2437a9-46f6-48c3-9630-82ec556df645
ISCrdEnr::setSigningCertificate method
reference
05/31/2018
APIRef
kbSyntax
ISCrdEnr.setSigningCertificate
SCrdEnr.setSigningCertificate
COM
Scrdenrl.dll

ISCrdEnr::setSigningCertificate method

The setSigningCertificate method specifies a signing certificate (also known as the enrollment agent certificate).

Before enrolling on behalf of users, you must select or set a signing certificate. The private key associated with this signing certificate is used to sign a PKCS #7 request. The PKCS #7, in turn, contains the user's PKCS #10 request (which is signed with the user's private key).

Syntax

HRESULT setSigningCertificate(
  [in] DWORD dwFlags,
  [in] BSTR bstrCertTemplateName
);
SCrdEnr.setSigningCertificate( _
  ByVal dwFlags, _
  ByVal bstrCertTemplateName _
)

Parameters

dwFlags [in]

Reserved for future use. Set this value to zero.

bstrCertTemplateName [in]

Name of the certificate template for the signing certificate. You can use the value "EnrollmentAgent" if you have obtained an EnrollmentAgent certificate.

Return value

VB

If the method succeeds, the method returns S_OK.

If the method fails, it returns an HRESULT value that indicates the error. For a list of common error codes, see Common HRESULT Values.

Remarks

Before enrolling on behalf of a user, you must first obtain a signing certificate. You can obtain a signing certificate by using the Certificate Manager MMC snap-in. The setSigningCertificate method does not obtain the signing certificate but informs the Smart Card Enrollment Control which previously obtained signing certificate to use. The setSigningCertificate method searches the caller's "My" store for the most recent signing certificate corresponding to the certificate template specified by bstrCertTemplateName.

An alternative to setSigningCertificate is ISCrdEnr::setSigningCertificate.

After a signing certificate is set, its name can be retrieved by calling ISCrdEnr::getSigningCertificateName.

Requirements

Requirement Value
Minimum supported client
 None supported
Minimum supported server
 Windows Server 2003 [desktop apps only]
DLL
Scrdenrl.dll
IID
 IID_ISCrdEnr is defined as 753988a1-1357-436d-9cf5-f089bdd67d64

See also

ISCrdEnr

ISCrdEnr::getSigningCertificateName