ICertAdmin2::ImportKey method (certadm.h)

The ImportKey method adds an encrypted key set to an item in the Certificate Services database. The key set is encrypted to one or several key recovery agent (KRA) certificates.


HRESULT ImportKey(
  const BSTR strConfig,
  LONG       RequestId,
  const BSTR strCertHash,
  LONG       Flags,
  const BSTR strKey



String value that represents a valid configuration string for the certification authority (CA) in the form COMPUTERNAME\CANAME, where COMPUTERNAME is the Certificate Services server's network name, and CANAME is the common name of the CA, as entered during Certificate Services setup. For information about the configuration string name, see ICertConfig.

Important  ImportKey does not clear the internal cache when the configuration string is changed. When you change the configuration string for the CA, you must instantiate a new ICertAdmin object and call this method again with the new configuration string.


LONG value that represents the certificate request ID in the Certificates Services database. If the serial number (passed in as strCertHash) is to be used instead of the request ID, use zero for this value.


String value that represents the certificate hash. For strCertHash to be used, you must specify a value of zero for RequestId.


Specifies the format of the key. This parameter can be one of the following values.

Value Meaning
BASE64 format with begin or end.
BASE64 format without begin or end.
Binary format.

Additionally, the following value can be combined with the format value by using a bitwise-OR operation.

Value Meaning
Any existing KRA encoded information is overwritten.


String value that represents the KRA key information.

Return value



Minimum supported client None supported
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header certadm.h (include Certsrv.h)
Library Certidl.lib
DLL Certadm.dll

See also