IX509ExtensionAlternativeNames interface (certenroll.h)

The IX509ExtensionAlternativeNames interface enables you to specify one or more alternative name forms for the subject of a certificate. A certification authority processes the extension by binding the names to the certified public key. The following syntax shows the Abstract Syntax Notation One (ASN.1) structure of the extension. The extension value is encoded by using Distinguished Encoding Rules (DER) and included in the certificate request.

-- AlternativeNames 

AltNames ::= SEQUENCE --#public-- OF GeneralName
GeneralNames ::= AltNames

GeneralName ::= CHOICE 
   otherName               [0] IMPLICIT OtherName,
   rfc822Name              [1] IMPLICIT IA5STRING,
   dNSName                 [2] IMPLICIT IA5STRING,
   x400Address             [3] IMPLICIT SeqOfAny,       -- Not supported
   directoryName           [4] EXPLICIT ANY,    
   ediPartyName            [5] IMPLICIT SeqOfAny,
   uniformResourceLocator  [6] IMPLICIT IA5STRING,
   iPAddress               [7] IMPLICIT OCTETSTRING,
   registeredID            [8] IMPLICIT EncodedObjectID -- Not supported

OtherName ::= SEQUENCE 
   type                    EncodedObjectID,
   value                   [0] EXPLICIT NOCOPYANY 
If you initialize this extension by using an IAlternativeNames collection, the following name types are supported.
Value Description
XCN_CERT_ALT_NAME_OTHER_NAME The name consists of an object identifier and a byte array that contains the name.
XCN_CERT_ALT_NAME_RFC822_NAME The name is an email address.
XCN_CERT_ALT_NAME_DNS_NAME The name is a Domain Name System name.
XCN_CERT_ALT_NAME_DIRECTORY_NAME The name is an X.500 directory name.
XCN_CERT_ALT_NAME_IP_ADDRESS The name is an Internet Protocol (IP) address.
XCN_CERT_ALT_NAME_REGISTERED_ID The name is a registered object identifier (OID).
XCN_CERT_ALT_NAME_GUID The name is a GUID. This is a form of otherName.
XCN_CERT_ALT_NAME_USER_PRINCIPLE_NAME The name is a user principal name (UPN). The UPN format is based on RFC 822.

To add this extension object to a PKCS #10 request or a CMC request, you must first add it to an IX509Extensions collection and use the collection to initialize an IX509AttributeExtensions object. For more information, see the PKCS #10 Extensions and the CMC Extensions topics.


The IX509ExtensionAlternativeNames interface inherits from IX509Extension. IX509ExtensionAlternativeNames also has these types of members:


The IX509ExtensionAlternativeNames interface has these methods.


Retrieves a collection of subject alternative names.

Initializes the extension from a Distinguished Encoding Rules (DER) encoded byte array that contains the extension value.

Initializes the extension from an IAlternativeNames collection.


Minimum supported client Windows Vista [desktop apps only]
Minimum supported server Windows Server 2008 [desktop apps only]
Target Platform Windows
Header certenroll.h

See also

Certificate Enrollment API