Certificate Extended Properties

The data in a certificate, certificate revocation list (CRL), or certificate trust list (CTL) context, including any extensions, is read-only and cannot be changed. However, on Microsoft platforms, CryptoAPI certificates also have dynamic extended properties that can be added and changed.

Note

Extended properties are associated with a certificate and are not part of a certificate as issued by a certification authority (CA). Extended properties are not available on a certificate when it is used on a non-Microsoft platform.

These properties include data that:

  • Pertains to the private key to be used with the certificate.
  • Indicates the type of hashes to be performed on the certificate.
  • Provides user-defined information associated with the certificate.

On Microsoft platforms, values for these properties are attached to and move with the certificate. Each predefined property is identified by a property ID. The currently predefined properties include the following:

  • These properties tie a certificate to a particular cryptographic service provider (CSP) and, within that CSP, to a particular private key:
    • CERT_KEY_PROV_HANDLE_PROP_ID
    • CERT_KEY_PROV_INFO_PROP_ID
    • CERT_KEY_CONTEXT_PROP_ID
  • These properties indicate the hashing algorithm to be used when a hashing operation is performed:
    • CERT_SHA1_HASH_PROP_ID
    • CERT_MD5_HASH_PROP_ID

For complete lists of currently defined extended certificate properties and descriptions of the meaning and use of each property, see CertGetCertificateContextProperty and CertSetCertificateContextProperty.
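The following PowerShell script is an added example, not part of the original documentation. It calls CertGetCertificateContextProperty on each certificate in the current user's My store to report the CERT_SHA1_HASH_PROP_ID value and the provider and key container recorded in CERT_KEY_PROV_INFO_PROP_ID. The helper name `Read-CertProperty`, the `Win32.Crypt32` type name, and the choice of store are assumptions made for illustration. The numeric property IDs are the values defined in wincrypt.h.

```powershell
# P/Invoke declaration for the CryptoAPI function named on this page.
Add-Type -Namespace Win32 -Name Crypt32 -MemberDefinition @'
[DllImport("crypt32.dll", SetLastError = true)]
public static extern bool CertGetCertificateContextProperty(
    IntPtr pCertContext, uint dwPropId, IntPtr pvData, ref uint pcbData);
'@
$api = [Win32.Crypt32]
$M   = [Runtime.InteropServices.Marshal]
$CERT_KEY_PROV_INFO_PROP_ID = 2   # values from wincrypt.h
$CERT_SHA1_HASH_PROP_ID     = 3

function Read-CertProperty {   # hypothetical helper, not a CryptoAPI name
    param([IntPtr]$Context, [uint32]$PropId, [scriptblock]$Reader)
    [uint32]$size = 0
    # A NULL buffer asks for the required size; a failure (for example
    # CRYPT_E_NOT_FOUND) is treated here as "property not set".
    if (-not $api::CertGetCertificateContextProperty($Context, $PropId, [IntPtr]::Zero, [ref]$size)) { return $null }
    $buf = $M::AllocHGlobal([int]$size)
    try {
        if (-not $api::CertGetCertificateContextProperty($Context, $PropId, $buf, [ref]$size)) { return $null }
        & $Reader $buf $size   # parse while the unmanaged buffer is still valid
    } finally { $M::FreeHGlobal($buf) }
}

# Reader for hash properties: copy the raw bytes and render them as hex.
$readHex = { param($p, $n)
    $bytes = New-Object byte[] $n
    $M::Copy($p, $bytes, 0, [int]$n)
    [BitConverter]::ToString($bytes) -replace '-' }

# Reader for CRYPT_KEY_PROV_INFO: two LPWSTR pointers, then DWORD fields.
$readKeyInfo = { param($p)
    [pscustomobject]@{
        Container = $M::PtrToStringUni($M::ReadIntPtr($p, 0))
        Provider  = $M::PtrToStringUni($M::ReadIntPtr($p, [IntPtr]::Size))
        ProvType  = $M::ReadInt32($p, 2 * [IntPtr]::Size)
        Flags     = $M::ReadInt32($p, 2 * [IntPtr]::Size + 4) } }

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $sha1 = Read-CertProperty $_.Handle $CERT_SHA1_HASH_PROP_ID $readHex
    $key  = Read-CertProperty $_.Handle $CERT_KEY_PROV_INFO_PROP_ID $readKeyInfo
    [pscustomobject]@{
        Subject           = $_.Subject
        Sha1Property      = $sha1
        MatchesThumbprint = ($sha1 -eq $_.Thumbprint)
        Provider          = $key.Provider    # empty when no key is associated
        Container         = $key.Container }
}
```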

CertGetCRLContextProperty

CertGetCTLContextProperty

CertSetCRLContextProperty

CertSetCTLContextProperty