Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The IX509AttributeExtensions interface defines methods and properties that initialize and retrieve certificate extensions in a certificate request. For example, the CertificateRequestInfo structure of a PKCS #10 request does not contain a field for version 3 extensions. Instead, the extensions must be added to the attributes collection in the request.
CertificationRequestInfo ::= SEQUENCE
{
version INTEGER { v1(0) } (v1,...),
subject Name,
subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
attributes [0] Attributes{{ CRIAttributes }}
}
Also, extensions are included in a CMC request by adding them to the TaggedAttributes structure shown in the following Abstract Syntax Notation One (ASN.1) syntax example. For more information, see Attributes and Extensions.
CmcData ::= SEQUENCE
{
controlSequence ControlSequence,
reqSequence ReqSequence,
cmsSequence CmsSequence,
otherMsgSequence OtherMsgSequence
}
ControlSequence ::= SEQUENCE OF TaggedAttribute
TaggedAttribute ::= SEQUENCE
{
bodyPartID BodyPartID,
type EncodedObjectID,
values AttributeSetValue
}
BodyPartID ::= INTEGER (0..4294967295)
EncodedObjectID ::= OBJECT IDENTIFIER
AttributeSetValue ::= SET OF ANY
You can create one or more version 3 extensions and include them in a certificate request in the following manner:
- Initialize any of the following IX509Extension objects:
- IX509ExtensionAlternativeNames
- IX509ExtensionAuthorityKeyIdentifier
- IX509ExtensionBasicConstraints
- IX509ExtensionCertificatePolicies
- IX509ExtensionMSApplicationPolicies
- IX509ExtensionEnhancedKeyUsage
- IX509ExtensionKeyUsage
- IX509ExtensionSmimeCapabilities
- IX509ExtensionSubjectKeyIdentifier
- IX509ExtensionTemplate
- IX509ExtensionTemplateName
- Add the extension objects into an IX509Extensions collection.
- Use the IX509Extensions collection to initialize an IX509AttributeExtensions object.
- Add the IX509AttributeExtensions object to an IX509Attributes collection.
- Use the IX509Attributes collection to initialize an ICryptAttribute object.
- Initialize a CMC or PKCS #10 request object and retrieve the ICryptAttributes collection.
- Add the ICryptAttribute object to the ICryptAttributes collection for the request.
Inheritance
The IX509AttributeExtensions interface inherits from IX509Attribute. IX509AttributeExtensions also has these types of members:
Methods
The IX509AttributeExtensions interface has these methods.
| IX509AttributeExtensions::get_X509Extensions Retrieves the certificate extensions. |
| IX509AttributeExtensions::InitializeDecode Initializes the object from a Distinguished Encoding Rules (DER) encoded byte array that contains the attribute value. (IX509AttributeExtensions.InitializeDecode) |
| IX509AttributeExtensions::InitializeEncode Initializes the object from an IX509Extensions collection. |
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Target Platform | Windows |
| Header | certenroll.h |