| CertificateStore Object : CreateCert Method |
| Visual Basic |
|---|
Public Function CreateCert( _ ByVal Name As String, _ ByVal Usage As KeyUsageConstants, _ Optional ByVal CACertificate As Certificate, _ Optional ByVal Lifetime As Long = 0, _ Optional ByVal UseSignatureKey As Boolean = False, _ Optional ByVal Provider As ProviderConstants = providerBase _ ) As Certificate |
| Value | Description |
|---|---|
| usageAll | Used for the KeyUsageSelect property only, selects all Certificates in the Store. |
| usageCertSign | Certificate can be used for Certificate Signing. |
| usageClientAuthentication | Certificate can be used for Client Authentication. |
| usageCodeSigning | Certificate can be used for Code Signing. |
| usageCrlSign | Certificate can be used for Encipherment. |
| usageDataEncipherment | Certificate can be used for Data Encipherment. |
| usageDigitalSignature | Certificate can be used for Digital Signatures. |
| usageEmailProtection | Certificate can be used for Email Protection. |
| usageIPSecEndSystem | Certificate can be used for IPSec End System. |
| usageIPSecTunnel | Certificate can be used for IPSec Tunneling. |
| usageIPSecUser | Certificate can be used for IPSec Users. |
| usageKeyAgreement | Certificate can be used for Key Agreement. |
| usageKeyEncipherment | Certificate can be used for Key Encipherment. |
| usageNone | Certificate has no usage flag. |
| usageNonRepudiation | Certificate can be used prevent Repudiation. |
| usageOfflineCrlSign | Certificate can be used for CRL Signing. |
| usageServerAuthentication | Certificate can be used for Server Authentication. |
| usageTimeStampSigning | Certificate can be used for Time Stamp signing. |
| Value | Description |
|---|---|
| providerBase | Microsoft Base Cryptographic Provider v1.0. |
| providerBaseDSS | Microsoft Base DSS Cryptographic Provider. |
| providerBaseDSSDH | Microsoft Base DSS and Diffie-Hellman Cryptographic Provider. |
| providerDHSchannel | Microsoft DH SChannel Cryptographic Provider. |
| providerEnhancedBase | Microsoft Enhanced Cryptographic Provider v1.0. |
| providerEnhancedDSSDH | Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider. |
| providerEnhancedRSAAES | Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype). |
| providerExchange | Microsoft Exchange Cryptographic Provider v1.0. |
| providerGemSafe | Gemplus GemSAFE Card CSP v1.0. |
| providerRSASchannel | Microsoft RSA SChannel Cryptographic Provider. |
| providerSchlumberger | Schlumberger Cryptographic Service Provider. |
| providerSicrypt | Infineon SICRYPT Base Smart Card CSP. |
| providerStrong | Microsoft Strong Cryptographic Provider. |
This method is used to create a new certificate. If an invalid CA certificate is provided, a certInvalidCA error will be thrown.
The Name parameter represents the Subject Name and is expected to be in x500 format. An example of an x500 formatted name value is CN=Test Cert, OU=Test Cert Division, O=Test Inc, C=US with CN standing for Common Name, OU for Organizational Unit, O for Organization, and C for Country. The only required value is CN. Other values include E for E-mail, S for State, and L for Locale. If the specified name is invalid, a certInvalidCertName error will be thrown
To set the Certificate Location and Store that will hold the certificate, use the Location and Name properties, respectively.
SHA will always be the signature algorithm in use when creating the certificate.
If CACertificate is not present, the certificate will be created as a self-signed CA certificate. To create a non-CA certificate, the CA certificate must already be present on the system.
At the present time this method is not fully support in Windows NT 4.0 and Windows 2000 SP2 and SP3. There are no known problems in Windows 9x or in Windows XP.
This method may generate the following error code (refer to CertificateErrorConstants for a complete list of error codes):