IX509ExtensionAlternativeNames interface

The IX509ExtensionAlternativeNames interface enables you to specify one or more alternative name forms for the subject of a certificate. A certification authority processes the extension by binding the names to the certified public key. The following syntax shows the Abstract Syntax Notation One (ASN.1) structure of the extension. The extension value is encoded by using Distinguished Encoding Rules (DER) and included in the certificate request.


----------------------------------------------------------------------
-- AlternativeNames 
-- XCN_OID_SUBJECT_ALT_NAME2 (2.5.29.17)
----------------------------------------------------------------------

AltNames ::= SEQUENCE --#public-- OF GeneralName
GeneralNames ::= AltNames

GeneralName ::= CHOICE 
{
   otherName               [0] IMPLICIT OtherName,
   rfc822Name              [1] IMPLICIT IA5STRING,
   dNSName                 [2] IMPLICIT IA5STRING,
   x400Address             [3] IMPLICIT SeqOfAny,       -- Not supported
   directoryName           [4] EXPLICIT ANY,    
   ediPartyName            [5] IMPLICIT SeqOfAny,
   uniformResourceLocator  [6] IMPLICIT IA5STRING,
   iPAddress               [7] IMPLICIT OCTETSTRING,
   registeredID            [8] IMPLICIT EncodedObjectID -- Not supported
}

OtherName ::= SEQUENCE 
{
   type                    EncodedObjectID,
   value                   [0] EXPLICIT NOCOPYANY 
}
If you initialize this extension by using an IAlternativeNames collection, the following name types are supported.
Value Description
XCN_CERT_ALT_NAME_OTHER_NAME The name consists of an object identifier and a byte array that contains the name.
XCN_CERT_ALT_NAME_RFC822_NAME The name is an email address.
XCN_CERT_ALT_NAME_DNS_NAME The name is a Domain Name System name.
XCN_CERT_ALT_NAME_DIRECTORY_NAME The name is an X.500 directory name.
XCN_CERT_ALT_NAME_URL The name is a URL.
XCN_CERT_ALT_NAME_IP_ADDRESS The name is an Internet Protocol (IP) address.
XCN_CERT_ALT_NAME_REGISTERED_ID The name is a registered object identifier (OID).
XCN_CERT_ALT_NAME_GUID The name is a GUID. This is a form of otherName.
XCN_CERT_ALT_NAME_USER_PRINCIPLE_NAME The name is a user principal name (UPN). The UPN format is based on RFC 822.
 

To add this extension object to a PKCS #10 request or a CMC request, you must first add it to an IX509Extensions collection and use the collection to initialize an IX509AttributeExtensions object. For more information, see the PKCS #10 Extensions and the CMC Extensions topics.

Methods

The IX509ExtensionAlternativeNames interface has these methods.

Method Description
IX509ExtensionAlternativeNames::get_AlternativeNames Retrieves a collection of subject alternative names.
IX509ExtensionAlternativeNames::InitializeDecode Initializes the extension from a Distinguished Encoding Rules (DER) encoded byte array that contains the extension value.
IX509ExtensionAlternativeNames::InitializeEncode Initializes the extension from an IAlternativeNames collection.

Requirements

   
Minimum supported client Windows Vista [desktop apps only]
Minimum supported server Windows Server 2008 [desktop apps only]
Target Platform Windows
Header certenroll.h

See Also

Certificate Enrollment API

Extensions

IX509Extension