188.8.131.52 Sanitizing Common Names
Lightweight Directory Access Protocol (LDAP) limits subelements to a maximum of 64 [UNICODE] characters. Because the Windows Client Certificate Enrollment Protocol uses Active Directory [MS-ADTS] to communicate with the directory for retrieval and storage of certificates and certificate templates, objects with longer names (in excess of 64 [UNICODE] characters) necessitate sanitization.
In the following example, the number sign (#) is replaced by !0023, the percent (%) is replaced by !0025, and the caret symbol (^) is replaced by !005e.
Original Name: 'LongCAName(WithSpeci@#$%^Characters'
Sanitized Name: 'LongCAName!0028WithSpeci@!0023$!0025!005eCharacters'
The algorithm for creating a sanitized name is specified in section 184.108.40.206.1.1.
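The replacement pattern visible in the example above, as an added Python sketch that is not part of the specification text: each replaced character becomes "!" followed by its code as four lowercase hexadecimal digits. Assumptions: the function names are hypothetical, and ESCAPED_CHARS holds only the four characters the example shows being replaced; the complete set, and any handling of over-long names, is defined by the referenced algorithm section and is not reproduced here.

```python
import re

# Assumption: only the characters this page's example shows being replaced.
# The full set is defined by the algorithm section the page refers to.
ESCAPED_CHARS = frozenset("#%^(")

# Limit stated on this page for LDAP subelements.
LDAP_MAX_CHARS = 64

# A sanitized token: '!' followed by exactly four hex digits.
_TOKEN = re.compile(r"!([0-9a-fA-F]{4})")


def sanitize_name(name, escaped=ESCAPED_CHARS):
    """Replace each character in `escaped` with '!' + 4 lowercase hex digits."""
    out = []
    for ch in name:
        if ch in escaped:
            code = ord(ch)
            if code > 0xFFFF:
                # Four hex digits cannot hold this value; refuse rather than guess.
                raise ValueError("character outside the four-digit range: %r" % ch)
            out.append("!%04x" % code)
        else:
            out.append(ch)
    return "".join(out)


def desanitize_name(sanitized):
    """Map every '!xxxx' token back to its character (for reading directory object names)."""
    return _TOKEN.sub(lambda m: chr(int(m.group(1), 16)), sanitized)


def fits_ldap_limit(value, limit=LDAP_MAX_CHARS):
    """True when the value stays within the 64-character limit stated on the page."""
    return len(value) <= limit


if __name__ == "__main__":
    original = "LongCAName(WithSpeci@#$%^Characters"  # name from the page's example
    sanitized = sanitize_name(original)
    print(sanitized, len(sanitized), fits_ldap_limit(sanitized))
    print(desanitize_name(sanitized) == original)
```

Each replaced character grows from one character to five, so a name well under the limit before sanitization can exceed it afterwards; check the length on the sanitized form.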