ImportFromBlob (Opnum 22)

The ImportFromBlob method imports a previously exported certificate blob on the target machine.

 [id(16)] HRESULT ImportFromBlob(
   [in] BSTR InstanceName,
   [in] BSTR Password,
   [in] VARIANT_BOOL bInstallToMetabase,
   [in] VARIANT_BOOL bAllowExport,
   [in] VARIANT_BOOL bOverWriteExisting,
   [in] DWORD cbSize,
   [in, string, size_is(cbSize)] CHAR* pBlobBinary

InstanceName: A string that specifies a web server instance.

Password:  A password used to decrypt the imported certificate data.

bInstallToMetabase: If set to 1 or VARIANT_TRUE, indicates that the imported certificate is associated with the web server instance specified by InstanceName.

bAllowExport: If set to 1 or VARIANT_TRUE, indicates that the newly imported certificate is made exportable.

bOverWriteExisting: If set to 1 or VARIANT_TRUE, indicates that importing a duplicate certificate will not generate an error.

cbSize: Contains the number of bytes in the pBlobBinary buffer including the terminating null character.

pBlobBinary: A buffer containing an exported, base64-encoded certificate to be imported on the target machine. This buffer is a null-terminated array of bytes.

Return Values: A signed 32-bit value that indicates return status. If the method returns a negative value, it failed. If the 12-bit facility code (bits 16–27) is set to 0x007, the value contains a Win32 error code in the lower 16 bits. Zero or positive values indicate success, with the lower 16 bits in positive nonzero values containing warnings or flags defined in the method implementation. For more information about Win32 error codes and HRESULT values, see [MS-ERREF].

Return value/code




The call was successful.



One or more arguments are invalid.



The string is too long.



The object or property already exists.

The opnum field value for this method is 22.

When processing this call, the server MUST do the following:

  • If InstanceName or Password are empty strings, return E_INVALIDARG.

  • If InstanceName or Password contains more than 260 characters, return RPC_STRING_TOO_LONG.

  • Attempt to use base64 to decode the pBlobBinary blob.

  • Attempt to decrypt and import the decoded data with the password specified by Password. If bAllowExport is set to 1 or VARIANT_TRUE, attempt to flag the imported certificate as exportable.<37>

  • If the import fails because the password does not match the one used to export and encrypt the certificate data, return E_INVALIDARG.<38>

  • If bOverWriteExisting is not set to 1 or VARIANT_TRUE and the imported certificate already exists in the certificate store, return CRYPT_E_EXISTS; otherwise, continue processing the import.

  • If bInstallToMetabase is set to 1 or VARIANT_TRUE, the imported certificate is associated with the web server instance specified by InstanceName.