2.2.4.36.9 SignCertificate

The TAG value for this optional setting is 0x0008. The LENGTH value for this setting MUST be larger than 4. The DATA field contains an ASN.1 DER encoded X.509 certificate, as specified in [RFC3280].<30>

For a specified PtypBinary ([MS-OXCDATA] section 2.11.1) value in the PidTagUserX509Certificate property (section 2.2.4.36), if the SignCertificate setting is present, the SignSHA1Hash setting MUST NOT be present.

The client and the server SHOULD use the SignCertificate setting instead of the SignSHA1Hash setting.