How to add Subject Alternative Name to your certificate requests (C#)

Hi all,

The other day a customer of mine wanted to add the Subject Alternative Name (szOID_SUBJECT_ALT_NAME2 - "2.5.29.17") extension to his certificate requests in C# and he didn't know how.

We have the IX509ExtensionAlternativeNames interface for that, and a C++ sample can be found here:

enrollCustomPKCS10
"When you install the Microsoft Windows Software Development Kit (SDK), the sample is installed, by default, in the %ProgramFiles%\Microsoft SDKs\Windows\v7.0\Samples\Security\X509 Certificate Enrollment\VC\enrollCustomPKCS10 folder.
...
5. Creates an IAlternativeName object, initializes it by using the RFC822 name specified on the command line, creates an IAlternativeNames collection, adds the new IAlternativeName (RFC822 name) object to the collection, creates an IX509ExtensionAlternativeNames object and adds this object to the request."

This sample is available in the latest Microsoft SDK 7.1 too.

The C# code to set this extension should look something like this (taking a sample like this as a base: How to create a certificate request with CertEnroll and .NET (C#)):

 // An RFC822 name is an e-mail address; replace this placeholder value
 string strRfc822Name = "My Alternative RFC822 Name";
 ...
 CAlternativeName objRfc822Name = new CAlternativeName();
 CAlternativeNames objAlternativeNames = new CAlternativeNames();
 CX509ExtensionAlternativeNames objExtensionAlternativeNames = new CX509ExtensionAlternativeNames();
 ...

 // Set Alternative RFC822 Name
 objRfc822Name.InitializeFromString(AlternativeNameType.XCN_CERT_ALT_NAME_RFC822_NAME, strRfc822Name);

 // Set Alternative Names: the collection is encoded into a single
 // Subject Alternative Name extension (2.5.29.17)
 objAlternativeNames.Add(objRfc822Name);
 objExtensionAlternativeNames.InitializeEncode(objAlternativeNames);

 // objPkcs10 is the PKCS #10 request object from the base sample;
 // add the extension before the request is created
 objPkcs10.X509Extensions.Add((CX509Extension)objExtensionAlternativeNames);
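
The snippet above as a complete console program, added here as an example and not taken from the original post or the SDK sample; it goes one step further and puts two DNS names and an RFC822 name into the same extension. The key settings, the subject and every name value are constructed placeholders, the AddName helper is hypothetical, and the project is assumed to reference the "CertEnroll 1.0 Type Library" (CERTENROLLLib) with Embed Interop Types enabled.

```csharp
// Added example: builds a PKCS #10 request carrying a Subject Alternative Name
// extension with several entries. Windows only; all values are placeholders.
using System;
using CERTENROLLLib;

class SanRequestExample
{
    static void Main()
    {
        // New 2048-bit RSA key in the current user's store (export policy left at default).
        var key = new CX509PrivateKey();
        key.ProviderName = "Microsoft Enhanced RSA and AES Cryptographic Provider";
        key.Length = 2048;
        key.KeySpec = X509KeySpec.XCN_AT_SIGNATURE;
        key.MachineContext = false;
        key.Create();

        // Empty template name: the request is not tied to a certificate template.
        var pkcs10 = new CX509CertificateRequestPkcs10();
        pkcs10.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextUser, key, "");

        var subject = new CX500DistinguishedName();
        subject.Encode("CN=www.example.test", X500NameFlags.XCN_CERT_NAME_STR_NONE);
        pkcs10.Subject = subject;

        // One IAlternativeName per entry; all of them go into one 2.5.29.17 extension.
        var names = new CAlternativeNames();
        AddName(names, AlternativeNameType.XCN_CERT_ALT_NAME_DNS_NAME, "www.example.test");
        AddName(names, AlternativeNameType.XCN_CERT_ALT_NAME_DNS_NAME, "api.example.test");
        AddName(names, AlternativeNameType.XCN_CERT_ALT_NAME_RFC822_NAME, "admin@example.test");

        var san = new CX509ExtensionAlternativeNames();
        san.InitializeEncode(names);
        pkcs10.X509Extensions.Add((CX509Extension)san); // before the request is created

        // Sign the request and print it as base64 for submission to a CA.
        var enroll = new CX509Enrollment();
        enroll.InitializeFromRequest(pkcs10);
        Console.WriteLine(enroll.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64));
    }

    // Hypothetical helper: wraps one string value in an IAlternativeName and adds it.
    static void AddName(CAlternativeNames names, AlternativeNameType type, string value)
    {
        var name = new CAlternativeName();
        name.InitializeFromString(type, value);
        names.Add(name);
    }
}
```

To check the result, save the printed request to a file and run `certutil -dump` on it; the Subject Alternative Name extension and its entries appear in the dump.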
 
 

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)