IX509CertificateRequestCmc2::CheckSignature method (certenroll.h)

The CheckSignature method verifies that the certificate request has been signed and that the signature is valid.


HRESULT CheckSignature(
  [in] Pkcs10AllowedSignatureTypes AllowedSignatureTypes


[in] AllowedSignatureTypes

A value from the Pkcs10AllowedSignatureTypes enumeration. This can be a bitwise combination of the following values.

Value Meaning
Signatures generated by using asymmetric keys are permitted. If this flag is set, the signature is verified against the public key in the inner PKCS #10 request. This is the default flag.
Null-signed signatures are permitted.

Return value

If the function succeeds, the function returns S_OK.

If the function fails, it returns an HRESULT value that indicates the error. Possible values include, but are not limited to, those in the following table. For a list of common error codes, see Common HRESULT Values.

Return code Description
The certificate request has not been signed.
The signature type is not specified by the AllowedSignatureTypes parameter.
The value specified by the AllowedSignatureTypes parameter is not a member of the Pkcs10AllowedSignatureTypes enumeration type.


This method uses the public key to decrypt the signature and compares the signature to a hash of the certificate request.


Minimum supported client Windows 7 [desktop apps only]
Minimum supported server Windows Server 2008 R2 [desktop apps only]
Target Platform Windows
Header certenroll.h

See also