Historical Content Alert

This is a historical content for Windows NT 4.0 product and is presented for informative purposes only. All content in this directory is copyrighted and owned by Microsoft.


The createFilePKCS10 method creates a base64 encoded PKCS10 (in BSTR form) that can be submitted to a certificate server, requesting that a certificate be issued to the person/entity whose information is supplied in the PKCS10. The BSTR is saved to a file.

The createFilePKCS10 method has the same functionality as createPKCS10 with the additional feature of saving the base64 encoded PKCS 10 (in BSTR form) to the file specified by wszPKCS10FileName.

[VB] void createFilePKCS10(
  BSTR DNName, 
  BSTR Usage, 
  BSTR wszPKCS10FileName
[C++] HRESULT createFilePKCS10(
  BSTR DNName,  // in
  BSTR Usage,  // in
  BSTR wszPKCS10FileName  // in


[VB][C++] DNName
The Distinguished Name (DN) name must follow the X500 naming convention. For example "CN=User, O=Microsoft". If a two-letter prefix does not exist, an OID may be provided instead.
[VB][C++] Usage
An OID that describes the purpose of the certificate being generated. For example, Individual or Commercial Authenticode certificate, or Client Auth.

The purpose OID is just passed through to the PKCS10 request. For general extensibility and ease of understanding, the control does not attempt to understand specific purpose OIDs. Therefore if you specify a Client Auth OID, the generated keys will still be a signature key, not an exchange key.

[VB][C++] wszPKCS10FileName
When specified, designates a file in which the base64 encoded PKCS 10 (in BSTR form) is saved.

Return Values

The return value from createPKCS10 is a base64 encoded PKCS10 request (in BSTR form). The format is such so that it can be directly posted to a WEB server for processing.


By default, the Microsoft Base Cryptographic Provider is used, and unique a signature key is created.

Share this article: