3.1.1.4.3.7 Certificate Request for Certificate Retrieval

  • Article

A client retrieves an issued certificate from a CA by calling ICertRequestD::Request and ICertRequestD2::Request2 methods. The call that the client makes does not contain information on a new certificate request; rather, it contains an identifier of the certificate the client wants to retrieve. It has identical semantics for the ICertRequestD::Request (section 3.2.1.4.2.1) and ICertRequestD2::Request2 (section 3.2.1.4.3.1) methods, with the exception of the pwszSerialNumber parameter. The client MUST make a call to the same CA that has received the original request.

The client MUST identify the certificate that it wants to retrieve, either by setting the pwszSerialNumber to the requested certificate serial number or by setting pdwRequestId to the value of the pdwRequestId parameter that was returned in a previous call to this function.

pwszAuthority: The client MUST follow the processing rules for pwszAuthority as specified in section 3.1.1.4.2.

dwFlags: The client MUST NOT set the RequestType byte of the dwFlags parameter (as specified in section 3.2.1.4.3.1.1). The client SHOULD set the values of the Flags byte in the dwFlags parameter (as specified in section 3.2.1.4.3.1.1) as necessary to specify the type of information to be returned.

pwszSerialNumber: If pdwRequestId is 0, then the client MUST set this parameter to the serial number of the issued certificate that it requests.

pdwRequestId: If pwszSerialNumber is NULL, the client MUST set this parameter to the request ID of the pending request.

pwszAttributes: This parameter MUST be NULL.

pctbRequest: This parameter MUST be NULL.

pdwDisposition: Upon a successful return from an ICertRequestD::Request or ICertRequestD2::Request2 method invocation, the client receives the pdwDisposition parameter as an output value.

If this value is 0x00000005 (CR_DISP_UNDER_SUBMISSION), the CA has not completed processing the enrollment request and the certificate has not been signed.

If the value is 0x00000003 (CR_DISP_ISSUED), the CA has issued the certificate.