PKCS #10 Extensions
Extensions are included in a PKCS #10 certificate request by adding them to the attributes field of the CertificationRequestInfo structure shown in the following ASN.1 syntax example. For more information, see the Attributes topic.
CertificationRequestInfo ::= SEQUENCE
{
version CertificationRequestInfoVersion,
subject ANY,
subjectPublicKeyInfo SubjectPublicKeyInfo,
attributes [0] IMPLICIT Attributes
}
Attributes ::= SET OF Attribute
Attribute ::= SEQUENCE
{
type EncodedObjectID,
values AttributeSetValue
}
The following procedure discusses how to use the Certificate Enrollment API to add extensions to a PKCS #10 certificate request:
- Retrieve an IX509Extensions collection by calling the X509Extension property on the IX509CertificateRequestPkcs10 object.
- Create an extension by using any of the available interfaces that derive from the IX509Extension interface.
- Add the extensions created in step 2 to the IX509Extensions collection retrieved in step 1.
Related topics