CertCreateCertificateContext function (wincrypt.h)

  • Article

The CertCreateCertificateContext function creates a certificate context from an encoded certificate. The created context is not persisted to a certificate store. The function makes a copy of the encoded certificate within the created context.

Syntax

PCCERT_CONTEXT CertCreateCertificateContext(
  [in] DWORD      dwCertEncodingType,
  [in] const BYTE *pbCertEncoded,
  [in] DWORD      cbCertEncoded
);

Parameters

[in] dwCertEncodingType

Specifies the type of encoding used. It is always acceptable to specify both the certificate and message encoding types by combining them with a bitwise-OR operation as shown in the following example:

X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are:

  • X509_ASN_ENCODING
  • PKCS_7_ASN_ENCODING

[in] pbCertEncoded

A pointer to a buffer that contains the encoded certificate from which the context is to be created.

[in] cbCertEncoded

The size, in bytes, of the pbCertEncoded buffer.

Return value

If the function succeeds, the function returns a pointer to a read-only CERT_CONTEXT. When you have finished using the certificate context, free it by calling the CertFreeCertificateContext function.

If the function is unable to decode and create the certificate context, it returns NULL. For extended error information, call GetLastError. Some possible error codes follow.

Return code Description
E_INVALIDARG
 A certificate encoding type that is not valid was specified. Currently, only the X509_ASN_ENCODING type is supported.
 

If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information about these errors, see ASN.1 Encoding/Decoding Return Values.

Remarks

The CERT_CONTEXT must be freed by calling CertFreeCertificateContext. CertDuplicateCertificateContext can be called to make a duplicate. CertSetCertificateContextProperty and CertGetCertificateContextProperty can be called to store and read properties for the certificate.

Examples

The following example shows creating a certificate context from an encoded certificate. The created context is not put in a certificate store. For another example that uses this function, see Example C Program: Certificate Store Operations.

#include <windows.h>
#include <stdio.h>
#include <Wincrypt.h>

#define MY_ENCODING_TYPE  (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)

void main()
{
	PCCERT_CONTEXT  pCertContext = NULL; 

	//------------------------------------------------------------------ 
	//  Create a new certificate from the encoded part of
	//  an available certificate. pDesiredCert is a previously
	//  assigned PCCERT_CONTEXT variable.
	if(pCertContext = CertCreateCertificateContext(
		MY_ENCODING_TYPE,              // The encoding type
		pDesiredCert->pbCertEncoded,   // The encoded data from
									   // the certificate retrieved
		pDesiredCert->cbCertEncoded))  // The length of the encoded data
	{
		printf("A new certificate has been created.\n");
	 
		// Use the certificate context as needed.
		// ...

		// When finished, free the certificate context.
		CertFreeCertificateContext(pCertContext);
	}
	else
	{
		printf("A new certificate could not be created.\n");
		exit(1);
	}
}

Requirements

Requirement Value
Minimum supported client Windows XP [desktop apps | UWP apps]
Minimum supported server Windows Server 2003 [desktop apps | UWP apps]
Target Platform Windows
Header wincrypt.h
Library Crypt32.lib
DLL Crypt32.dll

See also

CERT_CONTEXT

CertCreateCRLContext

CertCreateCTLContext

CertDuplicateCertificateContext

CertFreeCertificateContext

CertGetCertificateContextProperty

CertSetCertificateContextProperty

Certificate Functions