3.1.4.1.4 ICertAdminD::DenyRequest (Opnum 6)

  • Article

The DenyRequest method denies a specific certificate request that is pending.

 HRESULT DenyRequest(
   [in, string, unique] wchar_t const* pwszAuthority,
   [in] DWORD dwRequestId
 );

pwszAuthority: See the pwszAuthority definition in ICertAdminD::SetExtension (section 3.1.4.1.1).

dwRequestId: A 32-bit nonzero unsigned integer value that specifies the ID of the certificate request.

The following processing rules apply:

  1. The CA MUST look up the request based on the provided dwRequestId parameter in the Request table. If the request is not found, the CA MUST fail the request. If the request is found, the selected row is referred to as the identified row in the following processing rules.

  2. If the value of the Request_Disposition column in the identified row is not "request pending", the CA MUST fail the request.

  3. If the value of the Request_Disposition column in the identified row is "request pending":

    1. The CA MUST set the value of the Request_Disposition column in the identified row to "request denied", and set the Request_Status_Code to 0x80094014 (CERTSRV_E_ADMIN_DENIED_REQUEST).<22>

    2. The CA SHOULD set the value of the Request_Disposition_Message column in the identified row to any value that the implementer considers human-readable. The Microsoft CA sets Request_Disposition_Message in this case to "Denied by {username}" where "{username}" is replaced with the user name of the caller.