Appendix 5: ASN.1 File Structure

Applies To: Windows Server 2003 with SP1

Compiling an ASN.1 BLOB requires advanced knowledge about ASN.1 encoding. When developing your own applications, it is highly recommended that you use an encoding function such as CCertEncodeAltName to create the ASN.1 BLOB. See ICertEncodeAltName (

Manually developing and parsing such ASN.1 data structure(s) is time-consuming and prone to error due to the overall complexity of the data encoding rules.

The following is a sample ASN.1 BLOB that was used to add a server’s GUID and its DNS name to the subject alternative name extension of a certificate. The first line in both boxes is the actual ASN.1 BLOB; the lines following explain per column what the field in the BLOB actually represents. Note that the full ASN.1 BLOB is the following sequence.

30468223636B696E64657230312E6575726F70652E636F72702E6D6963726F736F66742E636F6D A01F06092B0601040182371901A012041063303530353634346161313364326338

The following boxes explain in greater detail the breakdown of the ASN.1.

  Total length of ASN.1 string 
     Generalname see for a list of General 
      Lenth of DNS name -----------------------------------------------------| 
        DNS name ------------------------------------------------------------| 
 Generalname see 
  Length of othername -------------------------------------------| 
    Other name OID-------| 
                           Generalname see 
                            Length of datatype and othername 
                              Other name datatype see 
                                Length of othername 
                                  GUID --------------------------|

For more information about ASN.1 encoding, see the MSDN article, Example C Program: Converting Names from Certificates to ASN.1 and Back (