The ICertServerPolicy interface allows the policy module to communicate with Certificate Services.
- Specify which certificate request is used as the current context for subsequent operations.
- Enumerate and retrieve the extensions (including extension flags) of a certificate request, and set the extensions of the issued certificate.
- Enumerate and retrieve request attributes.
- Retrieve certificate request properties.
- Retrieve and set certificate properties.
From the time the ICertPolicy::VerifyRequest method is called until it returns, the unresolved request and certificate under construction can be accessed through a Context data object. Because the policy module can add to or override request properties by calling ICertServerPolicy::SetCertificateProperty, certificate properties can differ from request properties.
ICertServerPolicy is defined in Certif.h. When you create your program, however, use Certsrv.h as the include file. Certcli.dll provides the ICertServerPolicy interface. The type information for this interface is also in Certclil.dll, which is shipped with the Platform Software Development Kit (SDK).
Certificate Services interfaces support both apartment-threading and free-threading models. For better throughput, free threading is recommended.
The ICertServerPolicy interface has these methods.
|ICertServerPolicy::EnumerateAttributes||Retrieves the name of the current attribute and moves the internal enumeration pointer to the next attribute.|
|ICertServerPolicy::EnumerateAttributesClose||Frees the resources connected with attribute enumeration.|
|ICertServerPolicy::EnumerateAttributesSetup||Initializes the internal enumeration pointer to the first request attribute associated with the current context.|
|ICertServerPolicy::EnumerateExtensions||Retrieves the object identifier (OID) of the current extension and moves the internal enumeration pointer to the next extension.|
|ICertServerPolicy::EnumerateExtensionsClose||Frees the resources connected with extension enumeration.|
|ICertServerPolicy::EnumerateExtensionsSetup||Initializes the internal enumeration pointer to the first certificate extension associated with the current context.|
|ICertServerPolicy::GetCertificateExtension||Retrieves a specific certificate extension.|
|ICertServerPolicy::GetCertificateExtensionFlags||Retrieves the flags associated with the extension acquired by the most recent call to GetCertificateExtension.|
|ICertServerPolicy::GetCertificateProperty||Returns a named property from a certificate.|
|ICertServerPolicy::GetRequestAttribute||Returns a named attribute from a request.|
|ICertServerPolicy::GetRequestProperty||Retrieves a specific property from a request.|
|ICertServerPolicy::SetCertificateExtension||Adds a new extension to the certificate.|
|ICertServerPolicy::SetCertificateProperty||To set a property associated with a certificate.|
|ICertServerPolicy::SetContext||Specifies the request to be used as the context for subsequent calls to Certificate Services.|
|Minimum supported client||None supported|
|Minimum supported server||Windows Server 2003 [desktop apps only]|
|Header||certif.h (include Certsrv.h)|