3.2.2.6.2.1.1 Parsing and Verifying pwszAttributes

In addition to the processing rules specified in section 3.2.1.4.2.1.2, the server MUST support the following attributes:

  • CertificateTemplate:

    • Processing: The server MUST use this attribute when processing the request. Specifications are in section 3.2.2.6.2.1.4.1.

  • cdc:

    • Processing: If for any reason the CA fails to read information on the requesting end entity from the working directory and the client provided this attribute in the request, it MUST try to read that information from the Active Directory server by invoking the processing rules in section 3.2.2.1.3 (and its subsections) with input parameters DCName set to the value of the cdc attribute and EndEntityDistinguishedName set equal to the requester's distinguished name.

  • Rmd:

    • Processing: The CA SHOULD verify the value of this attribute against the FQDN for the requester obtained from the dNSHostName attribute of the requester's object in the working directory. The CA MUST obtain the dNSHostName attribute by invoking the processing rules in section 3.2.2.1.2 with input parameter EndEntityDistinguishedName set equal to the requester's distinguished name and then retrieving the dNSHostName from the returned EndEntityAttributes output parameter.
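
The cdc fallback and the Rmd check described above, sketched as an added example that is not part of the specification or of any CA implementation. It assumes pwszAttributes carries newline-separated name:value pairs with case-insensitive names (the format itself is defined in section 3.2.1.4.2.1.2, not here); the lookup callable, the result fields and the sample directory data are hypothetical.

```python
from typing import Callable, Dict, Optional

Attrs = Dict[str, str]
# Hypothetical directory reader: (requester DN, DC name or None for the
# working directory) -> end-entity attributes, or None if the read fails.
Lookup = Callable[[str, Optional[str]], Optional[Attrs]]

def parse_attributes(pwsz: str) -> Attrs:
    """Assumed format: newline-separated name:value pairs, names case-insensitive."""
    out: Attrs = {}
    for line in pwsz.splitlines():
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep and name.strip():
            out[name.strip().lower()] = value.strip()
    return out

def norm_fqdn(name: str) -> str:
    # DNS names compare case-insensitively; drop a trailing root dot.
    return name.strip().rstrip(".").lower()

def process_request(pwsz: str, requester_dn: str, lookup: Lookup) -> dict:
    attrs = parse_attributes(pwsz)
    result = {"template": attrs.get("certificatetemplate"),
              "source": "working directory", "rmd_ok": None}
    entity = lookup(requester_dn, None)
    if entity is None and "cdc" in attrs:
        # cdc rule: the working-directory read failed, so retry against the
        # DC the client named, using the same requester DN.
        entity = lookup(requester_dn, attrs["cdc"])
        result["source"] = attrs["cdc"]
    if entity is None:
        result["source"] = None
        return result
    if "rmd" in attrs:
        # Rmd rule: compare the client-supplied value with the directory's dNSHostName.
        dns = entity.get("dNSHostName")
        result["rmd_ok"] = dns is not None and norm_fqdn(dns) == norm_fqdn(attrs["rmd"])
    return result

# Constructed sample data: DN1 is readable from the working directory,
# DN2 only from the DC named dc2.example.test.
DN1 = "CN=WS01,OU=Hosts,DC=example,DC=test"
DN2 = "CN=WS02,OU=Hosts,DC=example,DC=test"
WORKING_DIR = {DN1: {"dNSHostName": "WS01.example.test"}}
NAMED_DCS = {"dc2.example.test": {DN2: {"dNSHostName": "ws02.example.test"}}}

def sample_lookup(dn: str, dc_name: Optional[str]) -> Optional[Attrs]:
    store = WORKING_DIR if dc_name is None else NAMED_DCS.get(dc_name, {})
    return store.get(dn)
```

The sketch only reports whether the Rmd value matched; what the CA does with a mismatch is not stated in this section.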