IX509CertificateRequestPkcs10 interface

The IX509CertificateRequestPkcs10 interface represents a PKCS #10 certificate request. The public key cryptography standard (PKCS) #10 defines the format of messages sent to a certification or registration authority to request a public-key certificate.

A PKCS #10 ASN.1 request object contains a version identifier, the subject name, a public key and a set of attributes as shown by the following syntax example.


--------------------------------------------------------------------
-- Certificate request.
--------------------------------------------------------------------
CertificationRequestInfo ::= SEQUENCE 
{
   version                 CertificationRequestInfoVersion,
   subject                 Name,
   subjectPublicKeyInfo    SubjectPublicKeyInfo,
   attributes              [0] IMPLICIT Attributes
}

-------------------------------------------------------
-- Version number.
-------------------------------------------------------
CertificationRequestInfoVersion ::= INTEGER

-------------------------------------------------------
-- Subject distinguished name (DN).
-------------------------------------------------------
Name ::= SEQUENCE OF RelativeDistinguishedName

RelativeDistinguishedName ::= SET OF AttributeTypeValue

AttributeTypeValue ::= SEQUENCE 
{
   type               EncodedObjectID,
   value              ANY 
}

-------------------------------------------------------
-- Public key information.
-------------------------------------------------------
SubjectPublicKeyInfo ::= SEQUENCE 
{
   algorithm           AlgorithmIdentifier,
   subjectPublicKey    BIT STRING
}

-------------------------------------------------------
-- Attributes.
-------------------------------------------------------
Attributes ::= SET OF Attribute

Attribute ::= SEQUENCE 
{
   type               EncodedObjectID,
   values             AttributeSetValue
}

The CertificationRequestInfo ASN.1 object is wrapped in a CertificationRequest object as shown by the following syntax. The CertificationRequest object also includes the signature and the signature algorithm. A PKCS #10 request must be signed by the associated private key or null-signed if it is a cross-certification request. You can use the RawData property to retrieve the signed CertificationRequest object and the RawDataToBeSigned property to retrieve the unsigned CertificationRequestInfo object.


--------------------------------------------------------------------
-- Certificate request.
--------------------------------------------------------------------
CertificationRequest ::= SEQUENCE 
{
   certificationRequestInfo   CertificationRequestInfo,
   signatureAlgorithm         AlgorithmIdentifier,
   signature                  BIT STRING
}

--------------------------------------------
--  Algorithm Identifier
--------------------------------------------
AlgorithmIdentifier ::= SEQUENCE 
{
   algorithm           EncodedObjectID,
   parameters          ANY OPTIONAL
}
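
The nesting described above, as an added example (not Microsoft's code and not part of the CertEnroll API): a small Python walker that splits a DER-encoded CertificationRequest into the CertificationRequestInfo bytes the signature covers, the signatureAlgorithm and the signature bits. All function names are hypothetical, and the sample request is built inline with placeholder key and signature bytes, so it is structurally well formed but will not verify.

```python
def need(ok, msg):
    if not ok:
        raise ValueError(msg)

def read_tlv(buf, pos, limit):
    """Return (tag, value_start, value_end) for the TLV at pos; limit bounds the parent."""
    need(pos + 2 <= limit, "truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        need(0 < n <= 4 and pos + n <= limit, "indefinite, oversized or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    need(pos + length <= limit, "value runs past its container")
    return tag, pos, pos + length

def children(buf, start, end):         # [(tag, tlv_start, value_start, value_end), ...]
    out = []
    while start < end:
        tag, vs, ve = read_tlv(buf, start, end)
        out.append((tag, start, vs, ve))
        start = ve
    return out

def split_request(der):
    """Return the signed portion, version, signature algorithm and signature bytes."""
    tag, vs, ve = read_tlv(der, 0, len(der))
    need(tag == 0x30 and ve == len(der), "not exactly one SEQUENCE")
    parts = children(der, vs, ve)
    need([p[0] for p in parts] == [0x30, 0x30, 0x03], "expected info, algorithm, signature")
    info, alg, sig = parts
    fields = children(der, info[2], info[3])   # version, subject, SPKI, [0] attributes
    need([f[0] for f in fields] == [0x02, 0x30, 0x30, 0xA0], "unexpected info layout")
    need(sig[3] > sig[2] and der[sig[2]] == 0, "BIT STRING needs 0 unused bits")
    return {"to_be_signed": der[info[1]:info[3]],   # the bytes the signature covers
            "version": int.from_bytes(der[fields[0][2]:fields[0][3]], "big"),
            "sig_alg": der[alg[1]:alg[3]], "signature": der[sig[2] + 1:sig[3]]}

def tlv(tag, body):                    # tiny DER encoder, used only to build the sample
    n, k = len(body), (len(body).bit_length() + 7) // 8
    size = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + size + body
def alg_id(oid_hex):                   # AlgorithmIdentifier with NULL parameters
    return tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x05, b""))

# Constructed sample (added example): placeholder key and signature, not cryptographically valid.
SUBJECT = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"example.test"))))
SPKI = tlv(0x30, alg_id("2a864886f70d010101") + tlv(0x03, b"\x00" + b"\x11" * 64))
INFO = tlv(0x30, tlv(0x02, b"\x00") + SUBJECT + SPKI + tlv(0xA0, b""))
SAMPLE = tlv(0x30, INFO + alg_id("2a864886f70d01010b") + tlv(0x03, b"\x00" + b"\xab" * 256))
```

The walker accepts any definite-length encoding and does not enforce DER's minimal-length rule, so treat it as a structural check rather than a strict DER validator.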

The following properties can be set before calling the Encode method:

Also, the Silent, ParentWindow, and UIContextMessage properties are typically set before calling an initialization method.

The following properties must be set, if at all, before calling the Encode method:

Members

The IX509CertificateRequestPkcs10 interface inherits from IX509CertificateRequest. IX509CertificateRequestPkcs10 also has these types of members:

Methods

The IX509CertificateRequestPkcs10 interface has these methods.

| Method | Description |
|---|---|
| CheckSignature | Verifies that the certificate request has been signed and that the signature is valid. |
| GetCspStatuses | Retrieves a collection of ICspStatus objects that matches the intended key use passed to the function. |
| InitializeDecode | Decodes an existing signed or unsigned PKCS #10 certificate request and uses it to initialize the new PKCS #10 request object. |
| InitializeFromCertificate | Initializes the certificate request by using an existing certificate. |
| InitializeFromPrivateKey | Initializes the certificate request by using an IX509PrivateKey object and, optionally, a template. [WebEnabled] |
| InitializeFromPublicKey | Initializes a null-signed certificate request by using an IX509PublicKey object and, optionally, a template. |
| InitializeFromTemplateName | Initializes the certificate request by using a template. |
| IsSmartCard | Retrieves a Boolean value that indicates whether any of the cryptographic providers associated with the request object is a smart card provider. |

Properties

The IX509CertificateRequestPkcs10 interface has these properties.

| Property | Description |
|---|---|
| CriticalExtensions | Retrieves an IObjectIds collection that identifies the version 3 certificate extensions marked as critical. |
| CryptAttributes | Retrieves an ICryptAttributes collection of optional certificate attributes. |
| CspStatuses | Retrieves a collection of ICspStatus objects that matches the intended use of the private key associated with the certificate request. |
| KeyContainerNamePrefix | Specifies or retrieves a prefix used to create the container name for a new private key. |
| NullSigned | Retrieves a Boolean value that indicates whether the certificate request is null-signed. |
| OldCertificate | Retrieves the certificate passed to the InitializeFromCertificate method. |
| PrivateKey | Retrieves an IX509PrivateKey object that contains the private key used to sign the certificate request. [WebEnabled] |
| PublicKey | Retrieves the IX509PublicKey object that contains the public key included in the certificate request. |
| RawDataToBeSigned | Retrieves the unsigned certificate request created by the Encode method. |
| ReuseKey | Retrieves a Boolean value that indicates whether an existing private key was used to sign the request. |
| Signature | Retrieves the request signature created by the Encode method. |
| SignatureInformation | Retrieves the IX509SignatureInformation object that contains information about the certificate request signature. [WebEnabled] |
| SmimeCapabilities | Specifies or retrieves a Boolean value that tells the Encode method whether to create an IX509ExtensionSmimeCapabilities collection that identifies the encryption capabilities supported by the computer. [WebEnabled] |
| Subject | Specifies or retrieves the X.500 distinguished name of the entity requesting the certificate. [WebEnabled] |
| SuppressOids | Retrieves a collection of the default extension and attribute object identifiers that were not added to the request when the request was encoded. |
| TemplateObjectId | Retrieves the object identifier of the template used to create the certificate request. |
| X509Extensions | Retrieves a collection of the extensions included in the certificate request. [WebEnabled] |

Requirements

Minimum supported client: Windows Vista [desktop apps only]
Minimum supported server: Windows Server 2008 [desktop apps only]
Header: CertEnroll.h
DLL: CertEnroll.dll

See also

CertEnroll Interfaces
IX509CertificateRequest
© 2015 Microsoft