IX509CertificateRequestPkcs10V2::InitializeFromPrivateKeyTemplate method (certenroll.h)

The InitializeFromPrivateKeyTemplate method initializes the certificate request by using an IX509PrivateKey object and a certificate template.


HRESULT InitializeFromPrivateKeyTemplate(
  [in] X509CertificateEnrollmentContext Context,
  [in] IX509PrivateKey                  *pPrivateKey,
  [in] IX509EnrollmentPolicyServer      *pPolicyServer,
  [in] IX509CertificateTemplate         *pTemplate


[in] Context

An X509CertificateEnrollmentContext enumeration value that specifies whether the requested certificate is intended for an end user, a computer, or an administrator acting on behalf of the computer. This can be one of the following values. However, if the MachineContext property of the private key is set, you must specify the ContextMachine enumeration value.

Value Meaning
The certificate is being requested for an end user.
The certificate is being requested for a computer.
The certificate is being requested by an administrator acting on the behalf of a computer.

[in] pPrivateKey

Pointer to an IX509PrivateKey interface that represents the private key.

[in] pPolicyServer

Pointer to an IX509EnrollmentPolicyServer object that represents the certificate enrollment policy (CEP) server that contains the template specified by the pTemplate parameter.

[in] pTemplate

Pointer to an IX509CertificateTemplate object that represents the template to use during initialization.

Return value

If the function succeeds, the function returns S_OK.

If the function fails, it returns an HRESULT value that indicates the error. Possible values include, but are not limited to, those in the following table. For a list of common error codes, see Common HRESULT Values.

Return code Description
The pPrivateKey, pPolicyServer, or pTemplate parameters are NULL.
The certificate request object has already been initialized.


The InitializeFromPrivateKeyTemplate method performs the following actions:

  • Adds the extensions specified by the template to an IX509Extensions collection.
  • Creates an IObjectIds collection and populates it with the default XCN_OID_KEY_USAGE and XCN_OID_BASIC_CONSTRAINTS2 object identifiers. If the template indicates that these OIDs are not critical, they are removed from the collection. The OIDs marked critical by the template are added.
  • Sets the SmimeCapabilities property if the template supports symmetric algorithms.
  • Sets the AlternateSignatureAlgorithm property if the template requires a discrete signature algorithm OID.
  • Creates an IX509SignatureInformation object.
  • Creates a hash algorithm OID if the algorithm is specified in the template and sets it on the IX509SignatureInformation object.
  • Retrieves an asymmetric encryption algorithm OID, if it exists, from the template and sets it on the IX509SignatureInformation object.
  • Populates many of the IX509PrivateKey properties from the template settings.

If the CSPInformations property is not specified, the method creates an ICspInformations collection from the providers installed on the computer.

No private key is created at this point. If the IX509PrivateKey object passed to the method does not represent an existing key, a key is created when the Encode method is called. The key will be created by using the default provider if no template was specified and the ProviderName property on the IX509PrivateKey is not set. When a private key exists, it is set on the PrivateKey property.


Minimum supported client Windows 7 [desktop apps only]
Minimum supported server Windows Server 2008 R2 [desktop apps only]
Target Platform Windows
Header certenroll.h

See also