ISCrdEnr::selectSigningCertificate method

The selectSigningCertificate method displays a Select Certificate dialog box, allowing a signing certificate (also known as the enrollment agent certificate) to be selected.

Before enrolling on behalf of users, you must select a signing certificate. The private key associated with this signing certificate is used to sign a PKCS #7 request. The PKCS #7, in turn, contains the user's PKCS #10 request (which is signed with the user's private key).


Syntax

HRESULT selectSigningCertificate(
  [in] DWORD dwFlags,
  [in] BSTR bstrCertTemplateName
);

SCrdEnr.selectSigningCertificate( _
  ByVal dwFlags, _
  ByVal bstrCertTemplateName _
)


Parameters

dwFlags [in]

Reserved for future use. Set this value to zero.

bstrCertTemplateName [in]

A string that represents the name of the certificate template for the signing certificate. You can use the value "EnrollmentAgent" if you have obtained an EnrollmentAgent certificate.

Return value


If the method succeeds, the method returns S_OK.

If the method fails, it returns an HRESULT value that indicates the error. For a list of common error codes, see Common HRESULT Values.


Remarks

Before enrolling on behalf of a user, you must first obtain a signing certificate. You can obtain a signing certificate by using the Certificate Manager MMC snap-in. The selectSigningCertificate method does not obtain the signing certificate but displays a dialog box of previously obtained signing certificates, allowing you to choose which certificate will be used to sign the enroll-on-behalf requests.

An alternative to selectSigningCertificate is ISCrdEnr::setSigningCertificate.

After a signing certificate is selected, its name can be retrieved by calling ISCrdEnr::getSigningCertificateName.
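
Because the dialog box only offers signing certificates that were obtained earlier, it helps to check what is already in the store. The following PowerShell is an added example, not part of the original page: it lists certificates that name the EnrollmentAgent template or carry the Certificate Request Agent EKU, and flags any that are expired or have no private key. The store path, the two OIDs used for matching, and the function names are assumptions of this example; the page does not state how the dialog box itself filters certificates.

```powershell
# Added example, not Microsoft's code: inventory candidate signing
# (enrollment agent) certificates before calling selectSigningCertificate.
# Assumptions: the store path and the OID-based matching are this example's
# own choices; the dialog box may apply a different filter.
$TemplateName    = 'EnrollmentAgent'         # template name given on this page
$TemplateNameOid = '1.3.6.1.4.1.311.20.2'    # Certificate Template Name extension
$RequestAgentEku = '1.3.6.1.4.1.311.20.2.1'  # Certificate Request Agent EKU

function Get-CertTemplateName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # Version 1 templates record their name in this extension.
    $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq $TemplateNameOid }
    if ($ext) { $ext.Format($false).Trim() } else { $null }
}

function Get-SigningCertificateCandidate {
    param([string]$StorePath = 'Cert:\CurrentUser\My')
    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $template = Get-CertTemplateName -Certificate $cert
        # Collect every EKU OID present on the certificate.
        $ekus = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })
        $isAgent = ($template -eq $TemplateName) -or ($ekus -contains $RequestAgentEku)
        if (-not $isAgent) { continue }
        $inValidity = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
        [pscustomobject]@{
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            Thumbprint    = $cert.Thumbprint
            Template      = $template
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            # Signing the PKCS #7 request needs the private key and a
            # certificate that is inside its validity period.
            Usable        = $cert.HasPrivateKey -and $inValidity
        }
    }
}

Get-SigningCertificateCandidate | Format-Table -AutoSize
```

An empty result means there is nothing for the dialog box to offer; a row with Usable set to False points at an expired certificate or one whose private key is not on this machine.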


Requirements

Minimum supported client: None supported
Minimum supported server: Windows Server 2003 [desktop apps only]
IID: IID_ISCrdEnr is defined as 753988a1-1357-436d-9cf5-f089bdd67d64
