ICertAdmin interface

The ICertAdmin interface provides administration functionality for properly authorized clients.

The ICertAdmin interface is used to perform the following tasks:

  • Authorize or deny a certificate request.
  • Revoke an issued certificate.
  • Trigger the generation of a certificate revocation list (CRL).
  • Get the current CRL for the server.
  • Determine whether a certificate is valid.
When you use the ICertAdmin interface, you have write-only access to request attributes and certificate extensions, but no direct access to other request and certificate properties.

ICertAdmin is defined in Certadm.h. When you create a program, however, use Certsrv.h as the include file. Certadm.dll, on the other hand, provides the implementation of the ICertAdmin interface. The type information for this interface is also in Certadml.dll, which is shipped with the Platform Software Development Kit (SDK).

Administration tasks use DCOM. Code that calls this interface method as defined in an earlier version of Certadm.h will run on Windows-based servers as long as the client and the server are both running the same Windows operating system.

Certificate Services interfaces support both apartment-threading and free-threading models. For better throughput, free threading is recommended.

Methods

The ICertAdmin interface has these methods.

Method Description
ICertAdmin::DenyRequest Denies a specified certificate request that is pending.
ICertAdmin::GetCRL Retrieves the current certificate revocation list (CRL) for the Certificate Services certification authority (CA).
ICertAdmin::GetRevocationReason Returns the reason a certificate was revoked. This method was first defined in the ICertAdmin interface.
ICertAdmin::ImportCertificate Takes a previously issued certificate and imports it to the certification authority's (CA) database. This method was first defined in the ICertAdmin interface.
ICertAdmin::IsValidCertificate Verifies the certificate against the certification authority (CA) key and checks that the certificate has not been revoked. This method was first defined in the ICertAdmin interface.
ICertAdmin::PublishCRL Sends a request to the Certificate Services certification authority (CA) to publish a new certificate revocation list (CRL). This method was first introduced in the ICertAdmin interface.
ICertAdmin::ResubmitRequest Submits the specified certificate request to the policy module for the specified certification authority. This method was first introduced in the ICertAdmin interface.
ICertAdmin::RevokeCertificate Revokes a certificate either on a specified date or immediately. This method was first defined in the ICertAdmin interface.
ICertAdmin::SetCertificateExtension Adds a new extension to the certificate issued in response to a certificate request. This method was first defined by the ICertAdmin interface.
ICertAdmin::SetRequestAttributes Sets attributes in the specified pending certificate request. This method was first defined in the ICertAdmin interface.

Requirements

   
Minimum supported client None supported
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header certadm.h (include Certsrv.h)