1.3.2.5 Sanitizing Common Names

Lightweight Directory Access Protocol (LDAP) limits subelements to a maximum of 64 [UNICODE] characters. Because the Windows Client Certificate Enrollment Protocol uses Active Directory [MS-ADTS] to communicate with the directory for retrieval and storage of certificates and certificate templates, objects with longer names (in excess of 64 [UNICODE] characters) necessitate sanitization.

The algorithm for creating a sanitized name is specified in section 3.1.1.4.1.1.

In the following example, the opening parenthesis (() is replaced by !0028, the number sign (#) is replaced by !0023, the percent sign (%) is replaced by !0025, and the caret symbol (^) is replaced by !005e.

 Original Name: 'LongCAName(WithSpeci@#$%^Characters'
 Sanitized Name: 'LongCAName!0028WithSpeci@!0023$!0025!005eCharacters'
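The character-escaping step shown in the example above, written as an added Python example that is not part of this specification or of any Microsoft implementation. The set of characters left untouched is an assumption (ASCII letters and digits, the '@' and '$' that the example preserves, and '-', '_', '.'); the full algorithm, including how names that still exceed 64 characters after escaping are handled, is in section 3.1.1.4.1.1 and is not reproduced here, so the example only flags such names. Each disallowed character is emitted as '!' followed by the four lowercase hex digits of its UTF-16 code unit, which is why '!' itself must be escaped and why the reverse function rejects a bare '!'.

```python
import re

# Assumed allowed set (not stated on this page): ASCII letters and digits, the
# '@' and '$' that the page's example keeps, plus '-', '_' and '.'.
ALLOWED = set(
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@$-_."
)
MAX_LDAP_NAME = 64  # LDAP subelement limit quoted by the specification

_ESCAPE = re.compile(r"!([0-9a-f]{4})")


def sanitize_name(name: str) -> str:
    """Replace every disallowed character with '!' + 4 lowercase hex digits.

    Characters outside the Basic Multilingual Plane become two escapes, one
    per UTF-16 code unit (the specification counts [UNICODE] characters).
    """
    out = []
    for ch in name:
        if ch in ALLOWED:
            out.append(ch)
            continue
        data = ch.encode("utf-16-le")
        for i in range(0, len(data), 2):
            unit = data[i] | (data[i + 1] << 8)
            out.append(f"!{unit:04x}")
    return "".join(out)


def unsanitize_name(sanitized: str) -> str:
    """Reverse sanitize_name; raises ValueError on a malformed escape."""
    units = []
    pos = 0
    while pos < len(sanitized):
        m = _ESCAPE.match(sanitized, pos)
        if m:
            units.append(int(m.group(1), 16))
            pos = m.end()
        elif sanitized[pos] == "!":
            raise ValueError(f"malformed escape at offset {pos}")
        else:
            units.append(ord(sanitized[pos]))
            pos += 1
    raw = b"".join(u.to_bytes(2, "little") for u in units)
    return raw.decode("utf-16-le")


def fits_ldap_limit(sanitized: str) -> bool:
    """True when the sanitized name fits the 64-character LDAP limit.

    Names that do not fit need the additional handling of section
    3.1.1.4.1.1, which this example does not implement.
    """
    return len(sanitized) <= MAX_LDAP_NAME


if __name__ == "__main__":
    original = "LongCAName(WithSpeci@#$%^Characters"  # the page's own example
    clean = sanitize_name(original)
    print(clean)
    assert unsanitize_name(clean) == original
    print("fits LDAP limit:", fits_ldap_limit(clean))
```

Running the module prints the sanitized form from the page and confirms that the escaping round-trips. Because every escape is exactly five characters, a CA name with many special characters can exceed the 64-character limit even when the original did not, which is the case the specification's length handling exists for.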