IX509ExtensionBasicConstraints interface (certenroll.h)

The IX509ExtensionBasicConstraints interface enables you to specify whether the certificate subject is a certification authority and, if so, the depth of the subordinate certification authority chain that can exist beneath the certification authority for which this extension ID is defined. This extension must be marked Critical in any certification authority certificate that contains a public key used to validate a digital signature on a certificate. The following syntax shows the Abstract Syntax Notation One (ASN.1) structure of the extension. The extension value is encoded by using Distinguished Encoding Rules (DER) and is included in the certificate request.


----------------------------------------------------------------------
-- Basic Constraints
-- XCN_OID_BASIC_CONSTRAINTS2 (2.5.29.19)
----------------------------------------------------------------------

BasicConstraints2 ::= SEQUENCE 
{
   cA                  BOOLEAN DEFAULT FALSE,
   pathLenConstraint   INTEGER OPTIONAL
}

To add this extension object to a PKCS #10 request or a CMC request, you must first add it to an IX509Extensions collection and use the collection to initialize an IX509AttributeExtensions object. For more information, see the PKCS #10 Extensions and the CMC Extensions topics.

Inheritance

The IX509ExtensionBasicConstraints interface inherits from IX509Extension. IX509ExtensionBasicConstraints also has these types of members:

Methods

The IX509ExtensionBasicConstraints interface has these methods.

 
IX509ExtensionBasicConstraints::get_IsCA

Retrieves a Boolean value that identifies whether the subject of the certificate is a certification authority (CA).
IX509ExtensionBasicConstraints::get_PathLenConstraint

Retrieves the depth of the subordinate certification authority chain.
IX509ExtensionBasicConstraints::InitializeDecode

Initializes the extension from a Distinguished Encoding Rules (DER) encoded byte array that contains the extension value.
IX509ExtensionBasicConstraints::InitializeEncode

Initializes the extension from a Boolean value that indicates whether the certificate subject is a certification authority (CA) and an integer that contains the depth of the subordinate CA chain.

Requirements

   
Minimum supported client Windows Vista [desktop apps only]
Minimum supported server Windows Server 2008 [desktop apps only]
Target Platform Windows
Header certenroll.h

See also

Certificate Enrollment API

IX509Extension