BOOL ValidateCertificate(
    LPCTSTR lpszCertStore,
    LPCTSTR lpszCertPassword,
    LPCTSTR lpszCertName
);
The ValidateCertificate method determines if the specified
security certificate is installed on the local system.
Parameters
- lpszCertStore
- A pointer to a null terminated string which specifies the name
of the certificate store to open. A certificate store is a
collection of certificates and their private keys, typically
organized by how they are used. If this value is NULL or points to
an empty string, the personal certificate store will
be used as the default. This parameter may also specify the name of
a certificate file in PKCS #12 (PFX) format.
| Store Name | Description |
|---|---|
| CA | Certification authority certificates. These are certificates that are issued by entities which are entrusted to issue certificates to other individuals or organizations. Companies such as Comodo and DigiCert act as certification authorities. |
| MY | Personal certificates and their associated private keys for the current user. This store typically holds the client certificates used to establish a user's credentials. This corresponds to the "Personal" store that is displayed by the certificate manager utility and is the default store used by the library. |
| ROOT | Certificates that have been self-signed by a certificate authority. Root certificates for a number of different certification authorities such as Comodo and DigiCert are installed as part of the operating system and periodically updated by Microsoft. |
- lpszCertPassword
- A null terminated string which specifies the password associated
with a certificate file. This parameter is only used if the
lpszCertStore parameter specifies a certificate file, otherwise
it is ignored. If the certificate file is not protected with a
password, this parameter should be a NULL pointer or empty string.
- lpszCertName
- A pointer to a null terminated string which specifies the name
of the certificate to validate. The method will first search the
certificate store for a certificate with a matching "friendly name";
this is a name for the certificate that is assigned by the user.
Note that the name must match completely, but the comparison is not
case sensitive. If no matching certificate is found, the method
will then attempt to find a certificate that has a matching common
name (also called the certificate subject). This comparison is less
stringent, and the first partial match will be returned. If this
second search fails, the method will return an error indicating
that the certificate could not be found.
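The two-pass name lookup described for lpszCertName, modelled as an added C example (not SocketTools code). It assumes that "partial match" means a case-insensitive substring test and uses a constructed store; cert_entry, sample_store and find_certificate are hypothetical names. The hit counter shows how many common names a short lpszCertName would fit, which is why a complete friendly name or full common name is the safer argument.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: one store entry (friendly name may be absent). */
struct cert_entry { const char *friendly; const char *common_name; };
static const struct cert_entry sample_store[] = {
    { "Staging TLS", "staging.example.com" },
    { "Mail Server", "mail.example.com" },
    { NULL,          "www.example.com" },
};

static int lower(char c) { return tolower((unsigned char)c); }

/* Pass 1 rule from the page: complete match, not case sensitive. */
static int equals_nocase(const char *a, const char *b)
{
    while (*a && *b && lower(*a) == lower(*b)) { a++; b++; }
    return *a == '\0' && *b == '\0';
}

/* Pass 2 rule, ASSUMED here to be a case-insensitive substring test. */
static int contains_nocase(const char *hay, const char *needle)
{
    size_t n = strlen(needle);
    for (; *hay; hay++) {
        size_t i = 0;
        while (i < n && hay[i] && lower(hay[i]) == lower(needle[i])) i++;
        if (i == n) return 1;
    }
    return 0;
}

/* Returns the index of the selected entry, or -1 if none is found.
   *partial_hits counts every common name the fallback pass would accept. */
int find_certificate(const struct cert_entry *store, size_t count,
                     const char *name, int *partial_hits)
{
    int first = -1;
    *partial_hits = 0;
    if (name == NULL || *name == '\0') return -1;
    for (size_t i = 0; i < count; i++)      /* pass 1: friendly name */
        if (store[i].friendly && equals_nocase(store[i].friendly, name)) return (int)i;
    for (size_t i = 0; i < count; i++)      /* pass 2: common name */
        if (contains_nocase(store[i].common_name, name)) {
            if (first < 0) first = (int)i;  /* first partial match is selected */
            (*partial_hits)++;
        }
    return first;
}

int main(void)
{
    int hits, idx = find_certificate(sample_store, 3, "example.com", &hits);
    printf("selected index %d, %d common-name candidates\n", idx, hits);
    return 0;
}
```

A result with more than one candidate means the selected certificate depends on store order rather than on the name that was passed.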
Return Value
If the method succeeds, the return value is non-zero. If the method
fails, the return value is zero. To get extended error information, call
InetGetLastError.
Remarks
If you are checking the validity of a certificate installed in the local
certificate store, you can explicitly specify whether the certificate store
for the current user or the local machine (all users) should be used. This
is done by prefixing the certificate store name with "HKCU:" for
the current user, or "HKLM:" for the local machine. For example,
a certificate store name of "HKLM:MY" would specify the personal
certificate store for the local machine, rather than the current user. If
neither prefix is specified, then it will default to the certificate
store for the current user.
It is possible to validate a certificate file rather than one stored
in the local certificate store. The lpszCertStore parameter should
specify the name of a file in Private Information Exchange (PFX) format,
also known as PKCS #12. These certificate files typically have an extension
of .pfx or .p12. If a password was specified when the certificate file
was created, it must be provided with the lpszCertPassword
parameter or this method will be unable to access the certificate.
This method can only validate certificate files in PFX format and
cannot be used to validate a certificate file in another format, such
as PEM (base64 encoded) or DER (binary).
Requirements
Minimum Desktop Platform: Windows 7 Service Pack 1
Minimum Server Platform: Windows Server 2008 R2 Service Pack 1
Header File: cswsock11.h
Import Library: cswskv11.lib
Unicode: Implemented as Unicode and ANSI versions
See Also
EnableSecurity,
SetCertificate