Creating, Signing, and Storing a CTL
The following procedures create a signed certificate trust list (CTL) and save it to a certificate store.
To create and sign a CTL
1. Create an array of the items to be stored in the CTL. For trusted certificates, the items are the SHA1 or MD5 hashes of those certificates.
2. Initialize a CTL_INFO structure that references the array of items created in step 1.
3. Initialize a CMSG_SIGNED_ENCODE_INFO structure that identifies the signer.
4. Call CryptMsgEncodeAndSignCTL. The function returns a pointer to a signed, encoded CTL (in PKCS #7 format) that contains the list of items created in step 1.
To add a CTL to a certificate store
1. Get a pointer to a signed and encoded CTL, such as the one produced by the previous procedure.
2. Open the target certificate store with a call to CertOpenStore.
3. Call CertAddEncodedCTLToStore.