CertOpenSystemStoreW function (wincrypt.h)

The CertOpenSystemStore function is a simplified function that opens the most common system certificate store. To open certificate stores with more complex requirements, such as file-based or memory-based stores, use CertOpenStore.


HCERTSTORE CertOpenSystemStoreW(
  LPCWSTR           szSubsystemProtocol



This parameter is not used and should be set to NULL.

Windows Server 2003 and Windows XP:  A handle of a cryptographic service provider (CSP). Set hProv to NULL to use the default CSP. If hProv is not NULL, it must be a CSP handle created by using the CryptAcquireContext function.This parameter's data type is HCRYPTPROV.


A string that names a system store. If the system store name provided in this parameter is not the name of an existing system store, a new system store will be created and used. CertEnumSystemStore can be used to list the names of existing system stores. Some example system stores are listed in the following table.

Value Meaning
Certification authority certificates.
A certificate store that holds certificates with associated private keys.
Root certificates.
Software Publisher Certificate.

Return value

If the function succeeds, the function returns a handle to the certificate store.

If the function fails, it returns NULL. For extended error information, call GetLastError.

Note  Errors from the called function CertOpenStore are propagated to this function.


Only current user certificates are accessible using this method, not the local machine store.

After the system store is opened, all the standard certificate store functions can be used to manipulate the certificates.

After use, the store should be closed by using CertCloseStore.

For more information about the stores that are automatically migrated, see Certificate Store Migration.


The following example shows a simplified method for opening the most common system certificate stores. For another example that uses this function, see Example C Program: Certificate Store Operations.

// Declare and initialize variables.

HCERTSTORE  hSystemStore;              // system store handle

// Open the CA system certificate store. The same call can be
// used with the name of a different system store, such as My or Root,
// as the second parameter.

if(hSystemStore = CertOpenSystemStore(
  printf("The CA system store is open. Continue.\n");
  printf("The CA system store did not open.\n");

// Use the store as needed.
// ...

// When done using the store, close it.
if(!CertCloseStore(hSystemStore, 0))
  printf("Unable to close the CA system store.\n");


The wincrypt.h header defines CertOpenSystemStore as an alias which automatically selects the ANSI or Unicode version of this function based on the definition of the UNICODE preprocessor constant. Mixing usage of the encoding-neutral alias with code that not encoding-neutral can lead to mismatches that result in compilation or runtime errors. For more information, see Conventions for Function Prototypes.


Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header wincrypt.h
Library Crypt32.lib
DLL Crypt32.dll

See also






Certificate Store Functions