3.1.2.4.2.2.2.10 Certificate.Template.msPKI-Certificate-Name-Flag

The following processing rules are applied to flags in the Certificate.Template.msPKI-Certificate-Name-Flag datum.

  1. If the CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT flag or the CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT_ALT_NAME flag is set, then:

    1. If the CT_FLAG_OLD_CERT_SUPPLIES_SUBJECT_AND_ALT_NAME flag is set and the enrollment client is creating a renewal request, the client SHOULD <64>:

      1. Use the value of the Subject field to populate the Name field of the PKCS #10 request (see section 3.1.1.4.3.1.1).

      2. Add a subject alternative name extension to the certificate extensions attribute szOID_CERT_EXTENSIONS (section 2.2.2.7.7) of the PKCS #10 request (see section 3.1.1.4.3.1.1).

    2. Otherwise, the client MUST supply subject information in the certificate request in the Name field or the subject alternative name extension in the certificate extensions attribute szOID_CERT_EXTENSIONS of the PKCS #10 request (see section 3.1.1.4.3.1.1).

  2. If neither the CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT flag nor the CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT_ALT_NAME flag is set, the client MUST set the Subject field to empty and encode it as a 0 length DER-encoded sequence.
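
The decision procedure above, written out as an added example (not part of the specification text). The numeric flag values are not given on this page; they are taken from the msPKI-Certificate-Name-Flag definition in [MS-CRTD]. The names `SubjectSource` and `subject_source` and the sample inputs are hypothetical.

```python
from enum import Enum

# Flag values per [MS-CRTD] (assumption: not listed in this section).
CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001
CT_FLAG_OLD_CERT_SUPPLIES_SUBJECT_AND_ALT_NAME = 0x00000008
CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT_ALT_NAME = 0x00010000

# Rule 2: an empty Subject is a DER SEQUENCE (tag 0x30) with length 0.
EMPTY_SUBJECT_DER = bytes([0x30, 0x00])


class SubjectSource(Enum):
    REUSE_ON_RENEWAL = "rule 1.1 (SHOULD): renewal reuses Subject and adds SAN extension"
    ENROLLEE_SUPPLIED = "rule 1.2 (MUST): enrollee supplies Name field or SAN extension"
    EMPTY = "rule 2 (MUST): Subject is empty, encoded as 30 00"


def subject_source(name_flag: int, is_renewal: bool) -> SubjectSource:
    """Map a template's name-flag value to the rule the client applies."""
    # Directory reads can return the attribute as a signed 32-bit integer,
    # so normalise before testing bits.
    flags = name_flag & 0xFFFFFFFF
    enrollee_bits = (CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT
                     | CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT_ALT_NAME)
    if flags & enrollee_bits:
        # The OLD_CERT flag only matters inside rule 1 and only for renewals.
        if flags & CT_FLAG_OLD_CERT_SUPPLIES_SUBJECT_AND_ALT_NAME and is_renewal:
            return SubjectSource.REUSE_ON_RENEWAL
        return SubjectSource.ENROLLEE_SUPPLIED
    return SubjectSource.EMPTY


if __name__ == "__main__":
    # Constructed sample values, not taken from any real template.
    samples = [(0x00000001, False), (0x00010009, True), (0x00010009, False),
               (0x00000008, True), (-2147483647, False), (-2147483648, False)]
    for value, renewal in samples:
        result = subject_source(value, renewal)
        print(f"{value & 0xFFFFFFFF:#010x} renewal={renewal}: {result.value}")
```

Templates that resolve to `ENROLLEE_SUPPLIED` are the ones where the requester, not the directory, determines the identity in the request, so they are the ones to review when auditing template configuration.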