Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
4/8/2010

Several functions provide services for managing a certificate store's state.

To gain access to certificates, the certificate store in which they are stored must be opened through a call to CertOpenStore or CertOpenSystemStore.

Usually a certificate store is opened in cached memory. It can be a new store or its contents can be loaded from the local registry, the registry on a remote computer, a disk file, a PKCS #7 message, or some other source.

CryptoAPI certificate store functions also allow a store to maintain certificates outside cached memory in, for example, an external database of certificates such as the one provided by the Microsoft Certificate Server Database.

One of the parameters of the CertOpenStore function, lpszStoreProvider, determines the type of store opened and the provider used to open that store. See Example C Code for Opening Certificate Stores for examples of opening certificate stores using various providers.

CertCloseStore closes a certificate store. When a certificate store is closed, each of the certificate contexts in that store has its reference count reduced by one. Memory is freed for certificates whose reference count goes to zero.

Setting CERT_CLOSE_STORE_FORCE_FLAG with CertCloseStore closes the certificate store and frees memory for all of its certificate contexts regardless of their reference count. In some cases, such as in multithreaded programs, this is not desirable. If CERT_CLOSE_STORE_CHECK_FLAG is set, the store is closed, but a warning value is returned by the function if memory is still allocated for certificates whose reference counts have not been reduced to zero. If a certificate's reference count is greater than zero, a duplicate of that certificate context has not been freed. Use CertFreeCertificateContext to free any certificates left open.

Note:
A certificate context is a structure of type CERT_CONTEXT that has, among other members, a pointer to the encoded certificate BLOB and a pointer to a CERT_INFO structure. The CERT_INFO structure contains the most significant certificate data.
Note:
Each certificate context also contains a reference count indicating the number of copies of the context's address that have been assigned. Each time a certificate context is duplicated in any way, its reference count is incremented by one. Each time a pointer to a certificate context is freed, the reference count in the certificate context is decremented by one. When the reference count on a certificate context reaches zero, the memory holding the context is de-allocated. Memory allocated for a certificate context is also de-allocated when that context is in a store and the store is closed using CERT_CLOSE_STORE_FORCE_FLAG. If the memory for a context is de-allocated and pointers to that context are still in use, those pointers become invalid.
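
The reference-count and close-flag behaviour described above, as a small portable C model (an added example, not CryptoAPI code and not from the original page). `model_store`, `model_ctx`, `close_scenario` and the `CLOSE_*` constants are hypothetical stand-ins, and a `freed` flag marks where the real functions would release memory.

```c
#include <stdio.h>
#include <stddef.h>

#define MAX_CTX 4
enum { CLOSE_FORCE = 1, CLOSE_CHECK = 2 };  /* stand-ins for the two close flags */

typedef struct { int refs; int freed; } model_ctx;  /* models a certificate context */
typedef struct { model_ctx pool[MAX_CTX]; int n; } model_store;
typedef struct { int warning; int dangling; } outcome;

/* The store holds the first reference to each context it contains. */
static model_ctx *store_add(model_store *s) {
    if (s->n == MAX_CTX) return NULL;
    model_ctx *c = &s->pool[s->n++];
    c->refs = 1; c->freed = 0;
    return c;
}
/* Each duplicate handed to a caller adds one reference. */
static model_ctx *ctx_dup(model_ctx *c) { c->refs++; return c; }
/* Freeing a pointer drops one reference; memory is released at zero. */
static void ctx_free(model_ctx *c) { if (!c->freed && --c->refs == 0) c->freed = 1; }
/* A freed context that callers still point at is a dangling pointer. */
static int ctx_dangling(const model_ctx *c) { return c->freed && c->refs > 0; }

/* With CLOSE_CHECK, returns how many contexts stay allocated; otherwise 0. */
static int store_close(model_store *s, int flags) {
    int pending = 0;
    for (int i = 0; i < s->n; i++) {
        model_ctx *c = &s->pool[i];
        if (flags & CLOSE_FORCE) { c->refs--; c->freed = 1; }  /* freed regardless of count */
        else ctx_free(c);                                      /* store drops its reference */
        if (!c->freed) pending++;
    }
    return (flags & CLOSE_CHECK) ? pending : 0;
}

/* Constructed scenario: two certificates, a caller holds a duplicate of the first. */
outcome close_scenario(int flags, int release_first) {
    model_store s = {0};
    model_ctx *held = ctx_dup(store_add(&s));
    store_add(&s);
    if (release_first) ctx_free(held);  /* caller frees its duplicate before the close */
    outcome o;
    o.warning = store_close(&s, flags);
    o.dangling = ctx_dangling(held);
    return o;
}

int main(void) {
    outcome a = close_scenario(CLOSE_CHECK, 0), b = close_scenario(CLOSE_FORCE, 0);
    printf("check: warning=%d dangling=%d\nforce: warning=%d dangling=%d\n",
           a.warning, a.dangling, b.warning, b.dangling);
    return 0;
}
```

In the model, the check-style close reports the one context a caller has not freed and leaves it valid, while the force-style close reports nothing and leaves that caller with an invalid pointer.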

CertDuplicateStore increases the reference count on the store.

CertSaveStore saves the contents of a store to a disk file or a memory location, and CertControlStore manages a store while it is open. An application with an open store can be notified when the persisted state of that store has been changed by some other process. This could happen if new certificates were copied to the local computer store from a domain controller.

When changes are discovered, the cached store can be re-synchronized to match the persisted state of the store. CertControlStore also supports a process that copies cached store changes to permanent storage when these changes in the cached store are not automatically saved.

Certificate stores, like certificate contexts, can have extended properties. CertSetStoreProperty adds extended properties to a certificate store. CertGetStoreProperty retrieves any properties set on a certificate store. Currently, the only predefined certificate store property is a store's localized name.
