IX509ExtensionBasicConstraints interface

The IX509ExtensionBasicConstraints interface enables you to specify whether the certificate subject is a certification authority and, if so, the depth of the subordinate certification authority chain that can exist beneath the certification authority for which this extension ID is defined. This extension must be marked Critical in any certification authority certificate that contains a public key used to validate a digital signature on a certificate. The following syntax shows the Abstract Syntax Notation One (ASN.1) structure of the extension. The extension value is encoded by using Distinguished Encoding Rules (DER) and is included in the certificate request.


----------------------------------------------------------------------
-- Basic Constraints
-- XCN_OID_BASIC_CONSTRAINTS2 (2.5.29.19)
----------------------------------------------------------------------

BasicConstraints2 ::= SEQUENCE 
{
   cA                  BOOLEAN DEFAULT FALSE,
   pathLenConstraint   INTEGER OPTIONAL
}

To add this extension object to a PKCS #10 request or a CMC request, you must first add it to an IX509Extensions collection and use the collection to initialize an IX509AttributeExtensions object. For more information, see the PKCS #10 Extensions and the CMC Extensions topics.

Members

The IX509ExtensionBasicConstraints interface inherits from IX509Extension. IX509ExtensionBasicConstraints also has these types of members:

Methods

The IX509ExtensionBasicConstraints interface has these methods.

MethodDescription
InitializeDecode

Initializes the extension from a Distinguished Encoding Rules (DER) encoded byte array that contains the extension value.

InitializeEncode

Initializes the extension from a Boolean value that indicates whether the certificate subject is a certification authority (CA) and an integer that contains the depth of the subordinate CA chain.

 

Properties

The IX509ExtensionBasicConstraints interface has these properties.

PropertyDescription

IsCA

Retrieves a Boolean value that identifies whether the subject of the certificate is a certification authority.

PathLenConstraint

Retrieves the depth of the subordinate certification authority chain.

 

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

CertEnroll.h

DLL

CertEnroll.dll

See also

Certificate Enrollment API
IX509Extension

 

 

Community Additions

ADD
Show: