Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The InitializeDecode method decodes an existing signed or unsigned PKCS #10 certificate request and uses it to initialize the new PKCS #10 request object. The existing request is contained in a byte array that has been encoded by using Distinguished Encoding Rules (DER) as defined by the Abstract Syntax Notation One (ASN.1) standard. The byte array is represented by a string that is either a pure binary sequence or is Unicode encoded.
Syntax
HRESULT InitializeDecode(
[in] BSTR strEncodedData,
[in] EncodingType Encoding
);
Parameters
[in] strEncodedData
A BSTR variable that contains the DER-encoded request. For more information, see Remarks.
[in] Encoding
An EncodingType enumeration value that specifies the type of Unicode encoding applied to the input string that contains the DER-encoded request. The default value is XCN_CRYPT_STRING_BASE64.
Return value
If the function succeeds, the function returns S_OK.
If the function fails, it returns an HRESULT value that indicates the error. Possible values include, but are not limited to, those in the following table. For a list of common error codes, see Common HRESULT Values.
| Return code/value | Description |
|---|---|
|
The certificate request object has already been initialized. |
Remarks
The InitializeDecode method decodes the existing PKCS #10 request and uses the information retrieved to initialize the following collections for the new request object:
- An empty ICryptAttributes collection.
- An empty IX509Extensions collection.
- An empty IObjectIds collection for attribute and extension OIDs to be suppressed from the new request.
The method also:
- Adds the decoded extensions to the IX509Extensions collection.
- Adds the decoded attributes to the ICryptAttributes collection.
- Sets the CriticalExtensions property with the decoded critical extensions.
- Sets the ClientId property.
- Sets the TemplateObjectId property.
By default, the InitializeDecode method assumes that the certificate request to be decoded is for an end user. Beginning with Windows 8 and Windows Server 2012, you can change this default behavior. After creating an instance of the IX509CertificateRequestPkcs10 interface, call InitializeDecode by setting the Encoding parameter to XCN_CRYPT_STRING_BINARY and the strEncodedData parameter to one of the following values:
| Value | Description |
|---|---|
| L"ContextMachine" | The encoded certificate request is for a computer. |
| L"ContextUser" | The encoded certificate request is for an end user. |
| L"ContextAdministratorForceMachine" | The encoded certificate is being requested by an administrator acting on the behalf of a computer. |
Then, call the InitializeDecode method again with the encoded certificate set in the strEncodedData argument.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Target Platform | Windows |
| Header | certenroll.h |
| DLL | CertEnroll.dll |