The Certificate Enrollment SDK can be used to create PKCS #10, PKCS #7, CMC, and self-signed certificate requests. Each type of request is represented by one of the interfaces listed in the following table. All request interfaces inherit directly or indirectly from the IX509CertificateRequest interface.
|IX509CertificateRequestPkcs10||Represents a PKCS #10 request. This interface inherits from IX509CertificateRequest.|
|IX509CertificateRequestPkcs7||Represents a PKCS #7 request. This interface inherits from IX509CertificateRequest.|
|IX509CertificateRequestCertificate||Represents a self-signed certificate. This interface inherits from IX509CertificateRequestPkcs10.|
|IX509CertificateRequestCmc||Represents a CMC request. This interface inherits from IX509CertificateRequestPkcs7.|
The following illustration shows the inheritance structure of the request objects supported by the Certificate Enrollment API. An IX509CertificateRequest object serves, directly or indirectly, as the base class for all of the available request objects.
Regardless of type, a certificate request contains information about the subject making the request, the subject's public key, a set of attributes, a set of X.509 version 3 extensions (which may be submitted as part of the attributes), and a signature. These issues are addressed by the following topics: