PKCS #10 Extensions

Extensions are included in a PKCS #10 certificate request by adding them to the attributes field of the CertificationRequestInfo structure shown in the following ASN.1 syntax example. For more information, see the Attributes topic.

CertificationRequestInfo ::= SEQUENCE 
   version                 CertificationRequestInfoVersion,
   subject                 ANY,
   subjectPublicKeyInfo    SubjectPublicKeyInfo,
   attributes              [0] IMPLICIT Attributes

Attributes ::= SET OF Attribute

Attribute ::= SEQUENCE 
   type       EncodedObjectID,
   values     AttributeSetValue

The following procedure discusses how to use the Certificate Enrollment API to add extensions to a PKCS #10 certificate request:

  1. Retrieve an IX509Extensions collection by calling the X509Extension property on the IX509CertificateRequestPkcs10 object.
  2. Create an extension by using any of the available interfaces that derive from the IX509Extension interface.
  3. Add the extensions created in step 2 to the IX509Extensions collection retrieved in step 1.


Attribute Architecture

PKCS #10 Attributes