IX509CertificateRequestPkcs10 interface

The IX509CertificateRequestPkcs10 interface represents a PKCS #10 certificate request. The public key cryptography standard (PKCS) #10 defines the format of messages sent to a certification or registration authority to request a public-key certificate.

A PKCS #10 ASN.1 request object contains a version identifier, the subject name, a public key and a set of attributes as shown by the following syntax example.


--------------------------------------------------------------------
-- Certificate request.
--------------------------------------------------------------------
CertificationRequestInfo ::= SEQUENCE 
{
   version                 CertificationRequestInfoVersion,
   subject                 Name,
   subjectPublicKeyInfo    SubjectPublicKeyInfo,
   attributes              [0] IMPLICIT Attributes
}

-------------------------------------------------------
-- Version number.
-------------------------------------------------------
CertificationRequestInfoVersion ::= INTEGER

-------------------------------------------------------
-- Subject distinguished name (DN).
-------------------------------------------------------
Name ::= SEQUENCE OF RelativeDistinguishedName

RelativeDistinguishedName ::= SET OF AttributeTypeValue

AttributeTypeValue ::= SEQUENCE 
{
   type               EncodedObjectID,
   value              ANY 
}

-------------------------------------------------------
-- Public key information.
-------------------------------------------------------
SubjectPublicKeyInfo ::= SEQUENCE 
{
   algorithm           AlgorithmIdentifier,
   subjectPublicKey    BIT STRING
}

-------------------------------------------------------
-- Attributes.
-------------------------------------------------------
Attributes ::= SET OF Attribute

Attribute ::= SEQUENCE 
{
   type               EncodedObjectID,
   values             AttributeSetValue
}

The CertificationRequestInfo ASN.1 object is wrapped in a CertificationRequest object as shown by the following syntax. The CertificationRequest object also includes the signature and the signature algorithm. A PKCS #10 request must be signed by the associated private key or null-signed if it is a cross-certification request. You can use the RawData property to retrieve the signed CertificationRequest object, and the RawDataToBeSigned property to retrieve the unsigned CertificationRequestInfo object.

--------------------------------------------------------------------
-- Certificate request.
--------------------------------------------------------------------
CertificationRequest ::= SEQUENCE 
{
   certificationRequestInfo   CertificationRequestInfo,
   signatureAlgorithm         AlgorithmIdentifier,
   signature                  BIT STRING
}

--------------------------------------------
--  Algorithm Identifier
--------------------------------------------
AlgorithmIdentifier ::= SEQUENCE 
{
   algorithm           EncodedObjectID,
   parameters          ANY OPTIONAL
}
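
The nesting shown above fixes which bytes the signature covers: the complete DER encoding of CertificationRequestInfo, the object the text says RawDataToBeSigned returns. The following Python sketch is an added example, not Microsoft's code and not part of CertEnroll; it walks the DER structure and separates the signed portion from the signature algorithm and signature. The function names and the sample request are constructed for illustration, and no signature verification is performed.

```python
def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER TLV starting at pos."""
    tag, length = buf[pos:pos + 2]          # raises ValueError if the header is truncated
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("indefinite or oversized length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("TLV runs past end of buffer")
    return tag, pos, pos + length

def children(buf, start, end):   # yields (tag, tlv_start, value_start, value_end)
    while start < end:
        tag, vs, ve = read_tlv(buf[:end], start)
        yield tag, start, vs, ve
        start = ve

def split_request(der):
    """Added helper, not a CertEnroll API: split a DER CertificationRequest."""
    tag, vs, ve = read_tlv(der, 0)
    parts = list(children(der, vs, ve))
    if tag != 0x30 or ve != len(der) or [p[0] for p in parts] != [0x30, 0x30, 0x03]:
        raise ValueError("expected SEQUENCE { info, signatureAlgorithm, signature }")
    info, alg, sig = parts
    fields = list(children(der, info[2], info[3]))
    if [f[0] for f in fields] != [0x02, 0x30, 0x30, 0xA0]:   # 0xA0 = [0] IMPLICIT SET
        raise ValueError("unexpected CertificationRequestInfo layout")
    return {
        "to_be_signed": der[info[1]:info[3]],    # whole TLV: the bytes the signature covers
        "version": int.from_bytes(der[fields[0][2]:fields[0][3]], "big"),
        "signature_algorithm": der[alg[2]:alg[3]],   # AlgorithmIdentifier contents
        "signature": der[sig[2] + 1:sig[3]],     # skip the BIT STRING unused-bits octet
    }

def tlv(tag, value):                         # encoder used only to build the sample below
    size = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    head = bytes([len(value)]) if len(value) < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + value

# Constructed sample, not a real request: placeholder key (0xAA) and signature (0xBB) bytes.
RSA = tlv(0x30, bytes.fromhex("06092a864886f70d0101010500"))         # rsaEncryption, NULL
SHA256_RSA = tlv(0x30, bytes.fromhex("06092a864886f70d01010b0500"))  # sha256WithRSAEncryption
SUBJECT = tlv(0x30, tlv(0x31, tlv(0x30, bytes.fromhex("0603550403") + tlv(0x0C, b"test"))))
SPKI = tlv(0x30, RSA + tlv(0x03, b"\x00" + b"\xAA" * 140))
INFO = tlv(0x30, tlv(0x02, b"\x00") + SUBJECT + SPKI + tlv(0xA0, b""))
SAMPLE = tlv(0x30, INFO + SHA256_RSA + tlv(0x03, b"\x00" + b"\xBB" * 64))
```

`split_request(SAMPLE)["to_be_signed"]` is byte-for-byte the `INFO` structure, tag and length octets included, so a verifier that checked only the value bytes would be validating a different message from the one that was signed.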

The following properties can be set before calling the Encode method:

Also, the Silent, ParentWindow, and UIContextMessage properties are typically set before calling an initialization method.

The following properties must be set, if at all, before calling the Encode method:

Methods

The IX509CertificateRequestPkcs10 interface has these methods.

| Method | Description |
| --- | --- |
| IX509CertificateRequestPkcs10::CheckSignature | Verifies that the certificate request has been signed and that the signature is valid. |
| IX509CertificateRequestPkcs10::get_CriticalExtensions | Retrieves an IObjectIds collection that identifies the version 3 certificate extensions marked as critical. |
| IX509CertificateRequestPkcs10::get_CryptAttributes | Retrieves an ICryptAttributes collection of optional certificate attributes. |
| IX509CertificateRequestPkcs10::get_CspStatuses | Retrieves a collection of ICspStatus objects that matches the intended use of the private key associated with the certificate request. |
| IX509CertificateRequestPkcs10::get_KeyContainerNamePrefix | Specifies or retrieves a prefix used to create the container name for a new private key. |
| IX509CertificateRequestPkcs10::get_NullSigned | Retrieves a Boolean value that indicates whether the certificate request is null-signed. |
| IX509CertificateRequestPkcs10::get_OldCertificate | Retrieves the certificate passed to the InitializeFromCertificate method. |
| IX509CertificateRequestPkcs10::get_PrivateKey | Retrieves an IX509PrivateKey object that contains the private key used to sign the certificate request. |
| IX509CertificateRequestPkcs10::get_PublicKey | Retrieves the IX509PublicKey object that contains the public key included in the certificate request. |
| IX509CertificateRequestPkcs10::get_RawDataToBeSigned | Retrieves the unsigned certificate request created by the Encode method. |
| IX509CertificateRequestPkcs10::get_ReuseKey | Retrieves a Boolean value that indicates whether an existing private key was used to sign the request. |
| IX509CertificateRequestPkcs10::get_Signature | Retrieves the request signature created by the Encode method. |
| IX509CertificateRequestPkcs10::get_SignatureInformation | Retrieves the IX509SignatureInformation object that contains information about the certificate request signature. |
| IX509CertificateRequestPkcs10::get_SmimeCapabilities | Specifies or retrieves a Boolean value that tells the Encode method whether to create an IX509ExtensionSmimeCapabilities collection that identifies the encryption capabilities supported by the computer. |
| IX509CertificateRequestPkcs10::get_Subject | Specifies or retrieves the X.500 distinguished name of the entity requesting the certificate. |
| IX509CertificateRequestPkcs10::get_SuppressOids | Retrieves a collection of the default extension and attribute object identifiers (OIDs) that were not added to the request when the request was encoded. |
| IX509CertificateRequestPkcs10::get_TemplateObjectId | Retrieves the object identifier (OID) of the template used to create the certificate request. |
| IX509CertificateRequestPkcs10::get_X509Extensions | Retrieves a collection of the extensions included in the certificate request. |
| IX509CertificateRequestPkcs10::GetCspStatuses | Retrieves an ICspStatuses collection that contains all provider/algorithm pairs consistent with the intended use of the private key as specified by the caller. |
| IX509CertificateRequestPkcs10::InitializeDecode | Decodes an existing signed or unsigned PKCS #10 certificate request and uses it to initialize the new PKCS #10 request object. |
| IX509CertificateRequestPkcs10::InitializeFromCertificate | Initializes the certificate request by using an existing certificate. |
| IX509CertificateRequestPkcs10::InitializeFromPrivateKey | Initializes the certificate request by using an IX509PrivateKey object and, optionally, a template. |
| IX509CertificateRequestPkcs10::InitializeFromPublicKey | Initializes a null-signed certificate request by using an IX509PublicKey object and, optionally, a template. |
| IX509CertificateRequestPkcs10::InitializeFromTemplateName | "." |
| IX509CertificateRequestPkcs10::IsSmartCard | Retrieves a Boolean value that indicates whether any of the cryptographic providers associated with the request object is a smart card provider. |
| IX509CertificateRequestPkcs10::put_KeyContainerNamePrefix | Specifies or retrieves a prefix used to create the container name for a new private key. |
| IX509CertificateRequestPkcs10::put_SmimeCapabilities | Specifies or retrieves a Boolean value that tells the Encode method whether to create an IX509ExtensionSmimeCapabilities collection that identifies the encryption capabilities supported by the computer. |
| IX509CertificateRequestPkcs10::put_Subject | Specifies or retrieves the X.500 distinguished name of the entity requesting the certificate. |

Requirements

   
Minimum supported client: Windows Vista [desktop apps only]
Minimum supported server: Windows Server 2008 [desktop apps only]
Target Platform: Windows
Header: certenroll.h

See Also

CertEnroll Interfaces

IX509CertificateRequest