CertCreateCertificateChainEngine throws an error in windows 7

2
ChainConfig.cbSize = sizeof(CERT_CHAIN_ENGINE_CONFIG);
ChainConfig.hRestrictedRoot = NULL;
ChainConfig.hRestrictedTrust = NULL;  
ChainConfig.hRestrictedOther = NULL;
ChainConfig.cAdditionalStore = 0;  
ChainConfig.rghAdditionalStore = NULL;
ChainConfig.dwFlags = CERT_CHAIN_CACHE_END_CERT;
ChainConfig.dwUrlRetrievalTimeout = 0;
ChainConfig.MaximumCachedCertificates = 0;
ChainConfig.CycleDetectionModulus = 0;

//---------------------------------------------------------
// Create the nondefault certificate chain engine.
if (CertCreateCertificateChainEngine(
        &ChainConfig,
        &hChainEngine)){
        printf("A chain engine has been created.\n");}

Getting error 0x80070057 (-2147024809) The parameter is incorrect, can someone help here ?

windows
cryptography
cryptoapi
windows-api-code-pack

1 Answer

0

I hope you've managed to solve this issue already. If not, here's my somewhat late answer:

It looks like you're working with Microsoft's example code for creating a certificate chain. Unfortunately it seems to be out of date; if you examine the documentation for CERT_CHAIN_ENGINE_CONFIG, you'll see that there are two more member variables that need to be initialized in Windows 7, hExclusiveRoot and hExclusiveTrustedPeople.

You could set them to NULL (if you don't need them) to take care of the error:

ChainConfig.hExclusiveRoot = NULL;
ChainConfig.hExclusiveTrustedPeople = NULL;
answered on Stack Overflow Oct 16, 2017 by frslm

User contributions licensed under CC BY-SA 3.0