ICertServerPolicy interface

The ICertServerPolicy interface allows the policy module to communicate with Certificate Services.

Note  Certificate Services communicates with the policy module through the ICertPolicy2 interface.
The ICertServerPolicy interface is exported by the server engine and is called by the policy module to perform the following tasks:
  • Specify which certificate request is used as the current context for subsequent operations.
  • Enumerate and retrieve the extensions (including extension flags) of a certificate request, and set the extensions of the issued certificate.
  • Enumerate and retrieve request attributes.
  • Retrieve certificate request properties.
  • Retrieve and set certificate properties.

From the time the ICertPolicy::VerifyRequest method is called until it returns, the unresolved request and certificate under construction can be accessed through a Context data object. Because the policy module can add to or override request properties by calling ICertServerPolicy::SetCertificateProperty, certificate properties can differ from request properties.

ICertServerPolicy is defined in Certif.h. When you create your program, however, use Certsrv.h as the include file. Certcli.dll provides the ICertServerPolicy interface. The type information for this interface is also in Certclil.dll, which is shipped with the Platform Software Development Kit (SDK).

Certificate Services interfaces support both apartment-threading and free-threading models. For better throughput, free threading is recommended.


The ICertServerPolicy interface has these methods.

Method Description
ICertServerPolicy::EnumerateAttributes Retrieves the name of the current attribute and moves the internal enumeration pointer to the next attribute.
ICertServerPolicy::EnumerateAttributesClose Frees the resources connected with attribute enumeration.
ICertServerPolicy::EnumerateAttributesSetup Initializes the internal enumeration pointer to the first request attribute associated with the current context.
ICertServerPolicy::EnumerateExtensions Retrieves the object identifier (OID) of the current extension and moves the internal enumeration pointer to the next extension.
ICertServerPolicy::EnumerateExtensionsClose Frees the resources connected with extension enumeration.
ICertServerPolicy::EnumerateExtensionsSetup Initializes the internal enumeration pointer to the first certificate extension associated with the current context.
ICertServerPolicy::GetCertificateExtension Retrieves a specific certificate extension.
ICertServerPolicy::GetCertificateExtensionFlags Retrieves the flags associated with the extension acquired by the most recent call to GetCertificateExtension.
ICertServerPolicy::GetCertificateProperty Returns a named property from a certificate.
ICertServerPolicy::GetRequestAttribute Returns a named attribute from a request.
ICertServerPolicy::GetRequestProperty Retrieves a specific property from a request.
ICertServerPolicy::SetCertificateExtension Adds a new extension to the certificate.
ICertServerPolicy::SetCertificateProperty To set a property associated with a certificate.
ICertServerPolicy::SetContext Specifies the request to be used as the context for subsequent calls to Certificate Services.


Minimum supported client None supported
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header certif.h (include Certsrv.h)

See Also