PKCS #10 Encoded ASN.1

The following example contains a PKCS #10 request shown in ASN.1 format. The example was generated by using the Certreq.exe and Certutil.exe tools. The .inf file used as input to Certreq.exe contains the following configuration.

[NewRequest]
Subject="cn=TestCN,o=TestOrg"
RequestType=pkcs10

[RequestAttributes]
CertificateTemplate=User

The configuration specifies the subject, the type of request (PKCS #10), and the certificate template (User). The User template specifies that:

  • The request must use either the Microsoft Base Cryptographic Provider 1.0 or the Microsoft Enhanced Cryptographic Provider 1.0.
  • The subject name must be built from Active Directory.
  • The request includes the Certificate Template Name, Enhanced Key Usage (EKU), and Key Usage extensions. The EKU extension specifies that the issued certificate can be used for Encrypting File System (EFS), secure email, and client authentication.

This configuration generates the following sample output, produced by Certutil.exe with the -asn option. Offsets and lengths in the dump are hexadecimal.

0000: 30 82 03 19               ; SEQUENCE (319 Bytes)
0004:    30 82 02 82                ; SEQUENCE (282 Bytes)
0008:    |  02 01               ; INTEGER (1 Bytes)
000a:    |  |  00
000b:    |  30 23               ; SEQUENCE (23 Bytes)
000d:    |  |  31 0f                ; SET (f Bytes)
000f:    |  |  |  30 0d             ; SEQUENCE (d Bytes)
0011:    |  |  |     06 03          ; OBJECT_ID (3 Bytes)
0013:    |  |  |     |  55 04 03
         |  |  |     |     ; 2.5.4.3 Common Name (CN)
0016:    |  |  |     13 06          ; PRINTABLE_STRING (6 Bytes)
0018:    |  |  |        54 65 73 74 43 4e                                 ; TestCN
         |  |  |           ; "TestCN"
001e:    |  |  31 10                ; SET (10 Bytes)
0020:    |  |     30 0e             ; SEQUENCE (e Bytes)
0022:    |  |        06 03          ; OBJECT_ID (3 Bytes)
0024:    |  |        |  55 04 0a
         |  |        |     ; 2.5.4.10 Organization (O)
0027:    |  |        13 07          ; PRINTABLE_STRING (7 Bytes)
0029:    |  |           54 65 73 74 4f 72 67                              ; TestOrg
         |  |              ; "TestOrg"
0030:    |  30 81 9f                ; SEQUENCE (9f Bytes)
0033:    |  |  30 0d                ; SEQUENCE (d Bytes)
0035:    |  |  |  06 09             ; OBJECT_ID (9 Bytes)
0037:    |  |  |  |  2a 86 48 86 f7 0d 01 01  01
         |  |  |  |     ; 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
0040:    |  |  |  05 00             ; NULL (0 Bytes)
0042:    |  |  03 81 8d             ; BIT_STRING (8d Bytes)
0045:    |  |     00
0046:    |  |     30 81 89          ; SEQUENCE (89 Bytes)
0049:    |  |        02 81 81           ; INTEGER (81 Bytes)
004c:    |  |        |  00
004d:    |  |        |  8f e2 41 2a 08 e8 51 a8  8c b3 e8 53 e7 d5 49 50
005d:    |  |        |  b3 27 8a 2b cb ea b5 42  73 ea 02 57 cc 65 33 ee
006d:    |  |        |  88 20 61 a1 17 56 c1 24  18 e3 a8 08 d3 be d9 31
007d:    |  |        |  f3 37 0b 94 b8 cc 43 08  0b 70 24 f7 9c b1 8d 5d
008d:    |  |        |  d6 6d 82 d0 54 09 84 f8  9f 97 01 75 05 9c 89 d4
009d:    |  |        |  d5 c9 1e c9 13 d7 2a 6b  30 91 19 d6 d4 42 e0 c4
00ad:    |  |        |  9d 7c 92 71 e1 b2 2f 5c  8d ee f0 f1 17 1e d2 5f
00bd:    |  |        |  31 5b b1 9c bc 20 55 bf  3a 37 42 45 75 dc 90 65
00cd:    |  |        02 03          ; INTEGER (3 Bytes)
00cf:    |  |           01 00 01
00d2:    |  a0 82 01 b4             ; OPTIONAL[0] (1b4 Bytes)
00d6:    |     30 1a                ; SEQUENCE (1a Bytes)
00d8:    |     |  06 0a             ; OBJECT_ID (a Bytes)
00da:    |     |  |  2b 06 01 04 01 82 37 0d  02 03
         |     |  |     ; 1.3.6.1.4.1.311.13.2.3 OS Version
00e4:    |     |  31 0c             ; SET (c Bytes)
00e6:    |     |     16 0a          ; IA5_STRING (a Bytes)
00e8:    |     |        36 2e 30 2e 35 33 36 31  2e 32                    ; 6.0.5361.2
         |     |           ; "6.0.5361.2"
00f2:    |     30 42                ; SEQUENCE (42 Bytes)
00f4:    |     |  06 0a             ; OBJECT_ID (a Bytes)
00f6:    |     |  |  2b 06 01 04 01 82 37 0d  02 01
         |     |  |     ; 1.3.6.1.4.1.311.13.2.1 Enrollment Name Value Pair
0100:    |     |  31 34             ; SET (34 Bytes)
0102:    |     |     30 32          ; SEQUENCE (32 Bytes)
0104:    |     |        1e 26           ; UNICODE_STRING (26 Bytes)
0106:    |     |        |  00 43 00 65 00 72 00 74  00 69 00 66 00 69 00 63  ; .C.e.r.t.i.f.i.c
0116:    |     |        |  00 61 00 74 00 65 00 54  00 65 00 6d 00 70 00 6c  ; .a.t.e.T.e.m.p.l
0126:    |     |        |  00 61 00 74 00 65                                 ; .a.t.e
         |     |        |     ; "CertificateTemplate"
012c:    |     |        1e 08           ; UNICODE_STRING (8 Bytes)
012e:    |     |           00 55 00 73 00 65 00 72                           ; .U.s.e.r
         |     |              ; "User"
0136:    |     30 57                ; SEQUENCE (57 Bytes)
0138:    |     |  06 09             ; OBJECT_ID (9 Bytes)
013a:    |     |  |  2b 06 01 04 01 82 37 15  14
         |     |  |     ; 1.3.6.1.4.1.311.21.20 Client Information
0143:    |     |  31 4a             ; SET (4a Bytes)
0145:    |     |     30 48          ; SEQUENCE (48 Bytes)
0147:    |     |        02 01           ; INTEGER (1 Bytes)
0149:    |     |        |  09
014a:    |     |        0c 23           ; UTF8_STRING (23 Bytes)
014c:    |     |        |  76 69 63 68 33 64 2e 6a  64 6f 6d 63 73 63 2e 6e  ; vich3d.jdomcsc.n
015c:    |     |        |  74 74 65 73 74 2e 6d 69  63 72 6f 73 6f 66 74 2e  ; ttest.microsoft.
016c:    |     |        |  63 6f 6d                                          ; com
         |     |        |     ; "vich3d.jdomcsc.nttest.microsoft.com"
016f:    |     |        0c 15           ; UTF8_STRING (15 Bytes)
0171:    |     |        |  4a 44 4f 4d 43 53 43 5c  61 64 6d 69 6e 69 73 74  ; JDOMCSC\administ
0181:    |     |        |  72 61 74 6f 72                                    ; rator
         |     |        |     ; "JDOMCSC\administrator"
0186:    |     |        0c 07           ; UTF8_STRING (7 Bytes)
0188:    |     |           63 65 72 74 72 65 71                              ; certreq
         |     |              ; "certreq"
018f:    |     30 74                ; SEQUENCE (74 Bytes)
0191:    |     |  06 0a             ; OBJECT_ID (a Bytes)
0193:    |     |  |  2b 06 01 04 01 82 37 0d  02 02
         |     |  |     ; 1.3.6.1.4.1.311.13.2.2 Enrollment CSP
019d:    |     |  31 66             ; SET (66 Bytes)
019f:    |     |     30 64          ; SEQUENCE (64 Bytes)
01a1:    |     |        02 01           ; INTEGER (1 Bytes)
01a3:    |     |        |  01
01a4:    |     |        1e 5c           ; UNICODE_STRING (5c Bytes)
01a6:    |     |        |  00 4d 00 69 00 63 00 72  00 6f 00 73 00 6f 00 66  ; .M.i.c.r.o.s.o.f
01b6:    |     |        |  00 74 00 20 00 45 00 6e  00 68 00 61 00 6e 00 63  ; .t. .E.n.h.a.n.c
01c6:    |     |        |  00 65 00 64 00 20 00 43  00 72 00 79 00 70 00 74  ; .e.d. .C.r.y.p.t
01d6:    |     |        |  00 6f 00 67 00 72 00 61  00 70 00 68 00 69 00 63  ; .o.g.r.a.p.h.i.c
01e6:    |     |        |  00 20 00 50 00 72 00 6f  00 76 00 69 00 64 00 65  ; . .P.r.o.v.i.d.e
01f6:    |     |        |  00 72 00 20 00 76 00 31  00 2e 00 30              ; .r. .v.1...0
         |     |        |     ; "Microsoft Enhanced Cryptographic Provider v1.0"
0202:    |     |        03 01           ; BIT_STRING (1 Bytes)
0204:    |     |           00
0205:    |     30 81 82             ; SEQUENCE (82 Bytes)
0208:    |        06 09             ; OBJECT_ID (9 Bytes)
020a:    |        |  2a 86 48 86 f7 0d 01 09  0e
         |        |     ; 1.2.840.113549.1.9.14 Certificate Extensions
0213:    |        31 75             ; SET (75 Bytes)
0215:    |           30 73          ; SEQUENCE (73 Bytes)
0217:    |              30 17           ; SEQUENCE (17 Bytes)
0219:    |              |  06 09        ; OBJECT_ID (9 Bytes)
021b:    |              |  |  2b 06 01 04 01 82 37 14  02
         |              |  |     ; 1.3.6.1.4.1.311.20.2 Certificate Template Name (Certificate Type)
0224:    |              |  04 0a        ; OCTET_STRING (a Bytes)
0226:    |              |     1e 08 00 55 00 73 00 65  00 72                    ; ...U.s.e.r
0230:    |              30 29           ; SEQUENCE (29 Bytes)
0232:    |              |  06 03        ; OBJECT_ID (3 Bytes)
0234:    |              |  |  55 1d 25
         |              |  |     ; 2.5.29.37 Enhanced Key Usage
0237:    |              |  04 22        ; OCTET_STRING (22 Bytes)
0239:    |              |     30 20     ; SEQUENCE (20 Bytes)
023b:    |              |        06 0a      ; OBJECT_ID (a Bytes)
023d:    |              |        |  2b 06 01 04 01 82 37 0a  03 04
         |              |        |     ; 1.3.6.1.4.1.311.10.3.4 Encrypting File System
0247:    |              |        06 08      ; OBJECT_ID (8 Bytes)
0249:    |              |        |  2b 06 01 05 05 07 03 04
         |              |        |     ; 1.3.6.1.5.5.7.3.4 Secure Email
0251:    |              |        06 08      ; OBJECT_ID (8 Bytes)
0253:    |              |           2b 06 01 05 05 07 03 02
         |              |              ; 1.3.6.1.5.5.7.3.2 Client Authentication
025b:    |              30 0e           ; SEQUENCE (e Bytes)
025d:    |              |  06 03        ; OBJECT_ID (3 Bytes)
025f:    |              |  |  55 1d 0f
         |              |  |     ; 2.5.29.15 Key Usage
0262:    |              |  01 01        ; BOOL (1 Bytes)
0264:    |              |  |  ff
0265:    |              |  04 04        ; OCTET_STRING (4 Bytes)
0267:    |              |     03 02     ; BIT_STRING (2 Bytes)
0269:    |              |        05
026a:    |              |        a0
026b:    |              30 1d           ; SEQUENCE (1d Bytes)
026d:    |                 06 03        ; OBJECT_ID (3 Bytes)
026f:    |                 |  55 1d 0e
         |                 |     ; 2.5.29.14 Subject Key Identifier
0272:    |                 04 16        ; OCTET_STRING (16 Bytes)
0274:    |                    04 14     ; OCTET_STRING (14 Bytes)
0276:    |                       3c 0f 73 da f8 ef 41 d8  3a ea be 92 2a 5d 2c 96  ; <.s...A.:...*],.
0286:    |                       6a 7b 94 54                                       ; j{.T
028a:    30 0d                  ; SEQUENCE (d Bytes)
028c:    |  06 09               ; OBJECT_ID (9 Bytes)
028e:    |  |  2a 86 48 86 f7 0d 01 01  05
         |  |     ; 1.2.840.113549.1.1.5 sha1RSA
0297:    |  05 00               ; NULL (0 Bytes)
0299:    03 81 81               ; BIT_STRING (81 Bytes)
029c:       00
029d:       47 eb 99 5a df 9e 70 0d  fb a7 31 32 c1 5f 5c 24
02ad:       c2 e0 bf c6 24 af 15 66  0e b8 6a 2e ab 2b c4 97
02bd:       1f e3 cb dc 63 a5 25 ec  c7 b4 28 61 66 36 a1 31
02cd:       1b bf dd d0 fc bf 17 94  90 1d e5 5e c7 11 5e c9
02dd:       55 9f eb a3 3e 14 c7 99  a6 cb ba a1 46 0f 39 d4
02ed:       44 c4 c8 4b 76 0e 20 5d  6d a9 34 9e d4 d5 87 42
02fd:       eb 24 26 51 14 90 b4 0f  06 5e 52 88 32 7a 95 20
030d:       a0 fd f7 e5 7d 60 dd 72  68 9b f5 7b 05 8f 6d 1e
CertUtil: -asn command completed successfully.
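
Added example, not part of the original page or of Certutil: a DER reader in Python that decodes the Enhanced Key Usage and Key Usage extensions from the dump above (offsets 0230 and 025b), the check a reviewer makes to see which usages a request asks the CA to grant. The byte strings are copied from the dump; the function names are chosen here for illustration.

```python
EKU_EXT = bytes.fromhex("30 29 06 03 55 1d 25 04 22 30 20"
                        " 06 0a 2b 06 01 04 01 82 37 0a 03 04"
                        " 06 08 2b 06 01 05 05 07 03 04 06 08 2b 06 01 05 05 07 03 02")
KU_EXT = bytes.fromhex("30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0")
KU_NAMES = ["digitalSignature", "nonRepudiation", "keyEncipherment",
            "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign"]

def read_tlv(buf, pos=0):                  # -> (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported length form")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):                       # elements inside a SEQUENCE or SET
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def decode_oid(value):
    arcs, acc = [], 0
    for b in value:                        # base-128 digits; high bit set means more follow
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, acc = arcs + [acc], 0
    head = divmod(arcs[0], 40) if arcs[0] < 80 else (2, arcs[0] - 80)
    return ".".join(map(str, [*head, *arcs[1:]]))

def parse_extension(ext_der):              # SEQUENCE { OID, [BOOLEAN critical], OCTET STRING }
    fields = list(children(read_tlv(ext_der)[1]))
    critical = len(fields) == 3 and fields[1][1] == b"\xff"
    return decode_oid(fields[0][1]), critical, fields[-1][1]

def eku_oids(inner):                       # inner = DER carried in the OCTET STRING
    return [decode_oid(v) for t, v in children(read_tlv(inner)[1]) if t == 0x06]

def key_usage(inner):                      # BIT STRING: first content octet = unused bits
    val = read_tlv(inner)[1]
    nbits = min((len(val) - 1) * 8 - val[0], len(KU_NAMES))
    return [KU_NAMES[i] for i in range(nbits) if val[1 + i // 8] & (0x80 >> (i % 8))]
```

Each extension value is itself DER wrapped in an OCTET STRING, which is why `parse_extension` returns the inner bytes for a second decoding pass; the Key Usage extension in this request is marked critical (BOOL `ff`), the EKU extension is not.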
