Export (0) Print
Expand All

Supported Attributes

The Certificate Enrollment API supports the following attributes. You can create an individual attribute by using the corresponding interface identified in each of the following sections.

ClientId

The IX509AttributeClientId interface can be used to define an attribute that contains information about the client computer that sent the certificate request. The information can be used for diagnostics.

Applies To:  PKCS #10 or CMC request.

OID:  XCN_OID_REQUEST_CLIENT_INFO (1.3.6.1.4.1.311.21.20)

Extensions

The IX509AttributeExtensions interface can be used to define a set of X.509 version 3 certificate extensions. The following extensions are supported. For more information, see the Extension Interfaces topic.

ExtensionDescription
AlternativeNamesContains one or more alternative name forms of the issuer associated with the certificate.
AuthorityKeyIdentifierContains a unique key identifier to differentiate between multiple certificate signing keys of the certification authority (CA).
BasicConstraintsIndicates whether the subject can act as a CA.
CertificatePoliciesIdentifies the policies and optional qualifier information associated with the certificate.
MSApplicationPoliciesIdentifies one or more uses for the certificate. This extension is similar to the EnhancedKeyUsage extension but is Microsoft-defined.
EnhancedKeyUsageIdentifies one or more uses of the public key contained in the certificate. The enhanced key usage extension can be used in addition to or in place of the key usage extension.
KeyUsageIdentifies restrictions on the operations that can be performed by the public key contained in the certificate.
SmimeCapabilitiesReports the decryption capabilities of an email recipient to the email sender to enable the sender to choose the most secure symmetric algorithm supported by both parties.
SubjectKeyIdentifierContains a unique key identifier that can be used to differentiate between multiple signing keys associated with the certificate owner.
TemplateIdentifies the template to use when issuing or renewing a certificate. The extension contains the object identifier (OID) of the template.
TemplateNameIdentifies the template to use when issuing or renewing a certificate. The extension contains the name of the template.

 

Applies To:  PKCS #10 request.

OID:  XCN_OID_RSA_certExtensions (1.2.840.113549.1.9.14)

ArchiveKey

The IX509AttributeArchiveKey interface can be used to define an attribute that contains an encrypted private key submitted to a CA for archiving.

Applies To:  CMC request.

OID:  XCN_OID_ARCHIVED_KEY_ATTR (1.3.6.1.4.1.311.21.13)

ArchiveKeyHash

The IX509AttributeArchiveKeyHash interface can be used to define a hash of the private key contained in the ArchiveKey attribute.

Applies To:  CMC request.

OID:  XCN_OID_ENCRYPTED_KEY_HASH (1.3.6.1.4.1.311.21.21)

CspProvider

The IX509AttributeCspProvider interface can be used to define an attribute that contains information about the cryptographic service provider (CSP) used by the requester for cryptographic operations.

Applies To:  PKCS #10 request. This attribute is automatically created when you create an IX509CertificateRequestPkcs10 object.

OID:  XCN_OID_ENROLLMENT_CSP_PROVIDER (1.3.6.1.4.1.311.13.2.2)

OSVersion

The IX509AttributeOSVersion interface can be used to create an attribute that contains version information about the client operating system. The information can be used by the CA to determine the type of processing to apply when creating the certificate.

Applies To:  PKCS #10 or CMC request.

OID:  XCN_OID_OS_VERSION (1.3.6.1.4.1.311.13.2.3)

RenewalCertificate

The IX509AttributeRenewalCertificate interface can be used to create an attribute that contains the certificate being renewed.

Applies To:  PKCS #10 request. This attribute is automatically created if you create a PKCS #10 request by initiating it with the certificate being renewed.

OID:  XCN_OID_RENEWAL_CERTIFICATE (1.3.6.1.4.1.311.13.1)

 

 

Community Additions

ADD
Show:
© 2015 Microsoft