PKCS #10 Extensions

Article
01/07/2021

Extensions are included in a PKCS #10 certificate request by adding them to the attributes field of the CertificationRequestInfo structure shown in the following ASN.1 syntax example. For more information, see the Attributes topic.

CertificationRequestInfo ::= SEQUENCE 
{
   version                 CertificationRequestInfoVersion,
   subject                 ANY,
   subjectPublicKeyInfo    SubjectPublicKeyInfo,
   attributes              [0] IMPLICIT Attributes
}

Attributes ::= SET OF Attribute

Attribute ::= SEQUENCE 
{
   type       EncodedObjectID,
   values     AttributeSetValue
}

The following procedure discusses how to use the Certificate Enrollment API to add extensions to a PKCS #10 certificate request:

Retrieve an IX509Extensions collection by calling the X509Extension property on the IX509CertificateRequestPkcs10 object.
Create an extension by using any of the available interfaces that derive from the IX509Extension interface.
Add the extensions created in step 2 to the IX509Extensions collection retrieved in step 1.

Attributes
Attribute Architecture
PKCS #10 Attributes
Extensions

Share via

PKCS #10 Extensions

Feedback

Additional resources

Share via

PKCS #10 Extensions

Related topics

Feedback

Additional resources