CertOpenSystemStore

The CertOpenSystemStore function opens a system certificate store based on a subsystem protocol. Several subsystem protocols are predefined by the Microsoft® CryptoAPI, as described under the szSubsystemProtocol parameter.

#include <wincrypt.h>
HCERTSTORE WINAPI CertOpenSystemStore(
  HCRYPTPROV hProv,               // in
  LPCTSTR pszSubsystemProtocol    // in
);

Parameters

hProv

Specifies a handle to the cryptographic provider. This parameter specifies the cryptographic provider to use to verify the signature of a subject certificate, CRL, or CTL. It is also used to compute the hash when CertGetCertificateContextProperty or CertGetCRLContextProperty is called with hash property IDs. If hProv is NULL the default provider "1" is acquired for you. Otherwise, if hProv is not NULL, the indicated provider is used, but not automatically released. The same semantics as CertOpenStore apply when CERT_STORE_NO_CRYPT_RELEASE_FLAG is set.

pszSubsystemProtocol

String describing a subsystem protocol. Some examples of predefined subsystem protocols are:

Predefined subsystem protocol string	Description
"MY"	A Certificate store holding "My" certificates with their associated private keys.
"CA"	Certifying Authority certificates.
"ROOT"	Root certificates.
"SPC"	Software publisher certificates.

Return Values

If the store open fails, NULL is returned. Otherwise, a handle to the certificate store is returned.

Call GetLastError to see the reason for any failures. Note that errors from the called function CertOpenStore are propagated to this function.

Remarks

After the system store is opened, all the standard certificate store APIs can be used to manipulate the certificates. For example, CertAddEncodedCertificateToStore can be used to add certificates to the system store.

When done, the certificate store should be closed by using CertCloseStore.

Example

See Example Code for Fundamental Certificate Store Operations.

QuickInfo