IMFSSLCertificateManager interface

Implemented by a client and called by Microsoft Media Foundation to get the client Secure Sockets Layer (SSL) certificate requested by the server.

In most HTTPS connections the server provides a certificate so that the client can ensure the identity of the server. However, in certain cases the server might wants to verify the identity of the client by requesting the client to send a certificate. For this scenario, a client application must provide a mechanism for Media Foundation to retrieve the client side certificate while opening an HTTPS URL with the source resolver or the scheme handler. The application must implement IMFSSLCertificateManager, set the IUnknown pointer of the implemented object in the MFNETSOURCE_SSLCERTIFICATE_MANAGER property, and pass the property store to the source resolver. While opening the URL, Media Foundation calls the IMFSSLCertificateManager methods to get the certificate information. If the application needs to connect to HTTPS URL that requires a client-side certificate, or the application wants customized control over the type of server certificates to accept, then they can implement this interface. This interface can also be used by the application to validate the server SSL certificate.

If the IUnknown pointer is not provided by the application and the HTTPS URL does not require the client to provide a certificate, Media Foundation uses the default implementation to open the URL.


The IMFSSLCertificateManager interface has these methods.

Method Description
IMFSSLCertificateManager::BeginGetClientCertificate Starts an asynchronous call to get the client SSL certificate.
IMFSSLCertificateManager::EndGetClientCertificate Completes an asynchronous request to get the client SSL certificate.
IMFSSLCertificateManager::GetCertificatePolicy Indicates whether the server SSL certificate must be verified by the caller, Media Foundation, or the IMFSSLCertificateManager implementation class.
IMFSSLCertificateManager::GetClientCertificate Gets the client SSL certificate synchronously.
IMFSSLCertificateManager::OnServerCertificate Called by Media Foundation when the server SSL certificate has been received; indicates whether the server certificate is accepted.


Minimum supported client Windows 7 [desktop apps only]
Minimum supported server Windows Server 2008 R2 [desktop apps only]
Target Platform Windows
Header mfidl.h

See Also

Media Foundation Interfaces