3.2.1.4.2.1.4.4 Storing Request Parameters in the Request Table

The CA MUST create a new row in the Request table and set the following values:

  • Request_Request_ID: Assign a unique value in this column.

  • Request_Disposition: Assign the value "request pending".

  • Request_Raw_Request: Assign the value of the pb field of the CERTTRANSBLOB structure contained in the pctbRequest parameter.

In addition, the CA MAY store request parameters in the Request table. If the CA decides to store the additional parameters, it MUST follow the processing rules specified in the following table. If the CA fails to store the request parameters in the Request table, the CA MUST return a nonzero error to the client. <73>

Column name

Processing rules

Request_Raw_Old_Certificate

If the request is a renewal request, the CA MUST store the X.509 certificate passed in the Certificates field of the CMS request as specified in [RFC3852] section 5.1.

Request_Request_Attributes

The CA MUST store all the request attributes as specified in 2.2.2.7.

Request_Request_Type

The CA MUST store the type of the request as passed in the dwFlags parameter. See section 3.2.1.4.3.1.1

Request_Request_Flags

The CA MUST store additional information on the request process in this column. Specified values are documented in [MS-CSRA] section 3.1.1.1.2.

Request_Status_Code

The CA MUST store the returned value from the call to ICertRequestD::Request or ICertRequestD2::Request2 methods.

Request_Submitted_When

The CA MUST store the time the request was received by the CA.

Request_Resolved_When

The CA MUST store the time the CA completed the request processing.

Request_Requester_Name

The CA MUST store the value of the requestername attribute that is passed in the request.

Request_Caller_Name

The value of the Per_Request.Caller_Account_Name ADM element.

Request_Signer_Policies

The CA MUST store the value of all the OIDs stored in the Policy extension of the certificate stored in the Certificate field in the CMS request as specified in [RFC3852] section 5.1.

Request_Signer_Application_Policies

The CA MUST store the value of all the OIDs stored in the EKU extension of the certificate stored in the Certificate field in the CMS request as specified in [RFC3852] section 5.1.

Request_Officer

The CA MUST store True if the caller name stored in the Request_Requester_Name column is an Officer_Rights as specified in [MS-CSRA].

Request_Distinguished_Name

The CA MUST store the distinguished name (DN) from the Subject field of the certificate request as specified in [RFC3280] section 4.1.2.4.

Request_Raw_Name

The CA MUST store the Subject field of the certificate request as specified in [RFC3280] section 4.1.2.4.

Request_Country

The CA MUST store the Country attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4.

Request_Organization

The CA MUST store the Organization attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4.

Request_Org_Unit

The CA MUST store the Organizational-Unit attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4.

Request_Common_Name

The CA MUST store the common name (CN) attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4.

Request_Locality

The CA MUST store the Locality attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4.

Request_State

The CA MUST store the Province name attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4.

Request_Title

The CA MUST store the Title attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4.

Request_Given_Name

The CA MUST store the Given Name attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4.

Request_Initials

The CA MUST store the Initials attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4.

Request_SurName

The CA MUST store the Surname attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4.

Request_Domain_Component

The CA MUST store the Domain Component attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4.

Request_Email

The CA MUST store the Email Address attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4.

Request_Street_Address

The CA MUST store the Street Address attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4.

Request_Unstructured_Name

The CA MUST store the Unstructured Name attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4.

Request_Unstructured_Address

The CA MUST store the Unstructured Address attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4.

Request_Device_Serial_Number

The CA MUST store the Device Serial Number attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4.

Request_Attestation_Challenge

The CA MUST store the AttestationChallenge attribute from the certificate request.

Request_Endorsement_Key_Hash

The CA MUST store the SHA2 hash of the trust module key from the certificate request as a hexadecimal string with no spaces.

Request_Endorsement_Certificate_Hash

The CA MUST store the SHA2 hash of the trust module certificate used for attestation from the certificate request as a hexadecimal string with no spaces.