Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
As the number of certificates, certificate revocation lists (CRLs), and certificate trust list (CTLs) in a user's collection grows, the organization of those certificates becomes an issue. One possible solution is to create separate certificate stores to keep different kinds of certificates. This solution creates a new problem because an application might need to search several different stores to find a specific certificate. The use of logical or collection stores solves this problem.
A logical store and a collection certificate store are groups of physical stores that appears to an application as a single store. All member stores of a logical or collection store can be searched or enumerated with a single function call to either CertFindCertificateInStore or CertEnumCertificatesInStore.
The use of logical or collection stores also provides flexibility that is difficult to achieve with paper records. A certificate in a single physical store might need to be a member of several different logical groups. Therefore, an individual physical store can be a member of more than one logical or collection store as shown in the following illustration.
This illustration presents the following basic, logical certificate store concepts:
- A collection certificate store has a pointer to the first pointer block for that collection store.
- Each pointer block of a collection store has a pointer to a sibling store and a pointer to the next pointer block of the collection.
- Each sibling store in a collection is a simple physical certificate store.
- A simple certificate store can be a member sibling store in many different collection stores.
- Certificates added to a collection store are physically added to one of the sibling stores in the collection.
- Certificates in a sibling store can be accessed by any collection store in which the sibling store is a member.
Collection stores are built within an application by opening a collection store by using CertOpenStore and then using CertAddStoreToCollection to add an open sibling store to the collection store. A sibling store can be deleted from a collection store by calling CertRemoveStoreFromCollection.