CMC EOBO 请求

以下示例包含代表 (EOBO) 请求注册 CMC。 此示例是使用Certreq.exe和Certutil.exe工具生成的。 用作Certreq.exe输入的 .inf 文件包含以下配置。

[NewRequest]
RequestType=cmc
RequesterName=Domain\TargetUser

[RequestAttributes]
CertificateTemplate=User

此配置生成以下示例输出。 配置指定 (CMC) 的请求类型、请求注册的实体的名称以及模板的名称。 用户模板指定:

  • 请求必须使用 Microsoft 基础加密提供程序 1.0 或 Microsoft 增强型加密提供程序 1.0。
  • 使用者名称必须从 Active Directory 生成。
  • 请求包括证书模板名称、增强密钥用法 (EKU) 和密钥用法扩展。 EKU 扩展指定颁发证书可用于加密文件系统 (EFS) 、安全电子邮件和客户端身份验证。
PKCS7/CMS Message:
  CMSG_SIGNED(2)
  CMSG_SIGNED_DATA_CMS_VERSION(3)
  Content Type: 1.3.6.1.5.5.7.12.2 CMC Data

PKCS7 Message Content:
================ Begin Nesting Level 1 ================
CMS Certificate Request:
Tagged Attributes: 2

  Body Part Id: 3
  1.3.6.1.4.1.311.10.10.1 CMC Attributes
  Value[0]:
    Data Reference: 0
    Cert Reference[0]: 1
  1 attributes:

  Attribute[0]: 1.3.6.1.4.1.311.21.20 (Client Information)
    Value[0][0]:
    Unknown Attribute type
    Client Id: = 9
      (XECI_DISABLE -- 0)
      (XECI_XENROLL -- 1)
      (XECI_AUTOENROLL -- 2)
      (XECI_REQWIZARD -- 3)
      (XECI_CERTREQ -- 4)
    User: JDOMCSC\administrator
    Machine: vich3d.jdomcsc.nttest.microsoft.com
    Process: certreq
    0000  30 48 02 01 09 0c 23 76  69 63 68 33 64 2e 6a 64   0H....#vich3d.jd
    0010  6f 6d 63 73 63 2e 6e 74  74 65 73 74 2e 6d 69 63   omcsc.nttest.mic
    0020  72 6f 73 6f 66 74 2e 63  6f 6d 0c 15 4a 44 4f 4d   rosoft.com..JDOM
    0030  43 53 43 5c 61 64 6d 69  6e 69 73 74 72 61 74 6f   CSC\administrato
    0040  72 0c 07 63 65 72 74 72  65 71                     r..certreq

  Body Part Id: 2
  1.3.6.1.5.5.7.7.18 Reg Info
  Value[0]:
    RequesterName: Domain\TargetUser

Tagged Requests: 1
  CMC_TAGGED_CERT_REQUEST_CHOICE:
  Body Part Id: 1
================ Begin Nesting Level 2 ================
Element 0:
PKCS10 Certificate Request:
Version: 1
Subject:
    EMPTY

Public Key Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
    Algorithm Parameters:
    05 00
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
    0000  30 81 89 02 81 81 00 b7  0f 10 7a 44 05 74 91 3c
    0010  b9 6e 6d bb 5f f9 27 74  66 15 7c cb 45 a4 df ba
    0020  2c 18 fc c3 da 2c 4a 7c  ef e7 7f 46 61 3a 59 1c
    0030  37 d7 26 2f 55 f8 94 8b  f9 b4 84 7e ed 74 dc de
    0040  d4 2c 19 6b ef 7c f5 07  57 1f 9b ee 16 d4 21 d4
    0050  33 7e 4d 47 b2 5d ee 81  6a fd b8 63 b2 db 7f 2a
    0060  15 1e 68 3c 1c bb 54 a3  d8 90 c0 66 d2 e1 4a b2
    0070  bb 2e ce 23 97 99 48 e1  cd 3b 1d 1c 11 bf 6e d3
    0080  00 08 30 e8 6a e1 bb 02  03 01 00 01
Request Attributes: 5
  5 attributes:

  Attribute[0]: 1.3.6.1.4.1.311.13.2.3 (OS Version)
    Value[0][0]:
        6.0.5361.2
    0000  16 0a 36 2e 30 2e 35 33  36 31 2e 32               ..6.0.5361.2

  Attribute[1]: 1.3.6.1.4.1.311.13.2.1 (Enrollment Name Value Pair)
    Value[1][0]:
        CertificateTemplate=User
    0000  30 32 1e 26 00 43 00 65  00 72 00 74 00 69 00 66   02.&.C.e.r.t.i.f
    0010  00 69 00 63 00 61 00 74  00 65 00 54 00 65 00 6d   .i.c.a.t.e.T.e.m
    0020  00 70 00 6c 00 61 00 74  00 65 1e 08 00 55 00 73   .p.l.a.t.e...U.s
    0030  00 65 00 72                                        .e.r

  Attribute[2]: 1.3.6.1.4.1.311.21.20 (Client Information)
    Value[2][0]:
    Unknown Attribute type
    Client Id: = 9
      (XECI_DISABLE -- 0)
      (XECI_XENROLL -- 1)
      (XECI_AUTOENROLL -- 2)
      (XECI_REQWIZARD -- 3)
      (XECI_CERTREQ -- 4)
    User: JDOMCSC\administrator
    Machine: vich3d.jdomcsc.nttest.microsoft.com
    Process: certreq
    0000  30 48 02 01 09 0c 23 76  69 63 68 33 64 2e 6a 64   0H....#vich3d.jd
    0010  6f 6d 63 73 63 2e 6e 74  74 65 73 74 2e 6d 69 63   omcsc.nttest.mic
    0020  72 6f 73 6f 66 74 2e 63  6f 6d 0c 15 4a 44 4f 4d   rosoft.com..JDOM
    0030  43 53 43 5c 61 64 6d 69  6e 69 73 74 72 61 74 6f   CSC\administrato
    0040  72 0c 07 63 65 72 74 72  65 71                     r..certreq

  Attribute[3]: 1.3.6.1.4.1.311.13.2.2 (Enrollment CSP)
    Value[3][0]:
    Unknown Attribute type
    CSP Provider Info
    KeySpec = 1
    Provider = Microsoft Enhanced Cryptographic Provider v1.0
    Signature: UnusedBits=0
    0000  30 64 02 01 01 1e 5c 00  4d 00 69 00 63 00 72 00   0d....\.M.i.c.r.
    0010  6f 00 73 00 6f 00 66 00  74 00 20 00 45 00 6e 00   o.s.o.f.t. .E.n.
    0020  68 00 61 00 6e 00 63 00  65 00 64 00 20 00 43 00   h.a.n.c.e.d. .C.
    0030  72 00 79 00 70 00 74 00  6f 00 67 00 72 00 61 00   r.y.p.t.o.g.r.a.
    0040  70 00 68 00 69 00 63 00  20 00 50 00 72 00 6f 00   p.h.i.c. .P.r.o.
    0050  76 00 69 00 64 00 65 00  72 00 20 00 76 00 31 00   v.i.d.e.r. .v.1.
    0060  2e 00 30 03 01 00                                  ..0...

  Attribute[4]: 1.2.840.113549.1.9.14 (Certificate Extensions)
    Value[4][0]:
    Unknown Attribute type
Certificate Extensions: 4
    1.3.6.1.4.1.311.20.2: Flags = 0, Length = a
    Certificate Template Name (Certificate Type)
        User

    0000  1e 08 00 55 00 73 00 65  00 72                     ...U.s.e.r

    2.5.29.37: Flags = 0, Length = 22
    Enhanced Key Usage
        Encrypting File System (1.3.6.1.4.1.311.10.3.4)
        Secure Email (1.3.6.1.5.5.7.3.4)
        Client Authentication (1.3.6.1.5.5.7.3.2)

    0000  30 20 06 0a 2b 06 01 04  01 82 37 0a 03 04 06 08   0 ..+.....7.....
    0010  2b 06 01 05 05 07 03 04  06 08 2b 06 01 05 05 07   +.........+.....
    0020  03 02                                              ..

    2.5.29.15: Flags = 1(Critical), Length = 4
    Key Usage
        Digital Signature, Key Encipherment (a0)

    0000  03 02 05 a0                                        ....

    2.5.29.14: Flags = 0, Length = 16
    Subject Key Identifier
        a4 f5 5a 3a e5 a5 63 9a 26 06 9a 86 80 b7 39 96 42 c2 d6 92

    0000  04 14 a4 f5 5a 3a e5 a5  63 9a 26 06 9a 86 80 b7   ....Z:..c.&.....
    0010  39 96 42 c2 d6 92                                  9.B...

    0000  30 73 30 17 06 09 2b 06  01 04 01 82 37 14 02 04   0s0...+.....7...
    0010  0a 1e 08 00 55 00 73 00  65 00 72 30 29 06 03 55   ....U.s.e.r0)..U
    0020  1d 25 04 22 30 20 06 0a  2b 06 01 04 01 82 37 0a   .%."0 ..+.....7.
    0030  03 04 06 08 2b 06 01 05  05 07 03 04 06 08 2b 06   ....+.........+.
    0040  01 05 05 07 03 02 30 0e  06 03 55 1d 0f 01 01 ff   ......0...U.....
    0050  04 04 03 02 05 a0 30 1d  06 03 55 1d 0e 04 16 04   ......0...U.....
    0060  14 a4 f5 5a 3a e5 a5 63  9a 26 06 9a 86 80 b7 39   ...Z:..c.&.....9
    0070  96 42 c2 d6 92                                     .B...
Signature Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
    Algorithm Parameters:
    05 00
Signature: UnusedBits=0
    0000  bb ec 11 7a bb 66 fe 55  d8 1a e4 b1 2b 3a 1f 45
    0010  a1 a2 db f8 75 7a 4c 58  73 90 1e 68 18 53 2d 35
    0020  e2 38 75 5d 8b 3e d6 dd  9b c4 c7 c8 b2 6b da 49
    0030  45 8a 7c a2 fc b8 37 ff  8e b7 f2 49 a1 d2 da fd
    0040  fb 9f 26 d0 31 9d f8 ce  10 0d 2b 19 f3 d4 20 81
    0050  b0 ed 17 0c 4b f2 bf 92  3d 42 ba 62 6b 7c d5 8a
    0060  c4 ec 0b 56 7d fa ac 69  df b8 54 6f 31 98 7d 84
    0070  fa 8e 66 ce d9 4d 08 a1  92 8d ba 77 24 cd 71 5d
Signature matches Public Key
Key Id Hash(rfc-sha1): a4 f5 5a 3a e5 a5 63 9a 26 06 9a 86 80 b7 39 96 42 c2 d6 92
Key Id Hash(sha1): a6 30 45 3d a9 90 27 7d 35 48 d4 06 94 42 b7 1f 52 f5 f9 6d
----------------  End Nesting Level 2  ----------------

Tagged Content Info: 0
Tagged Other Messages: 0
----------------  End Nesting Level 1  ----------------

Signer Count: 2

Signer Info[0]:
Signature matches request Public Key
CMSG_SIGNER_INFO_CMS_VERSION(3)
CERT_ID_KEY_IDENTIFIER(2)
    0000  a4 f5 5a 3a e5 a5 63 9a  26 06 9a 86 80 b7 39 96
    0010  42 c2 d6 92
Hash Algorithm:
    Algorithm ObjectId: 1.3.14.3.2.26 sha1 (sha1NoSign)
    Algorithm Parameters: NULL
Encrypted Hash Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
    Algorithm Parameters: NULL
Encrypted Hash:
    0000  9a f8 b1 da 2b 78 92 a3  ee 24 9c f7 18 67 be c4
    0010  70 04 0e 90 7f 5a d6 d0  db e1 b2 a5 18 f8 14 9d
    0020  a4 7c f6 bb a5 98 64 5b  e5 e1 e6 cd 7c a6 0a ce
    0030  c2 3b 0a 32 5e 0f 8c e2  3f b3 ac 4a 9e f4 89 4a
    0040  cc 7f 97 d5 9b fa 15 9f  3d 81 64 6b 0e 44 a2 fa
    0050  da bf 76 45 e3 1b b3 d2  5c 56 50 f4 16 da bb 09
    0060  92 3e a4 cb ff b8 e3 27  8d 85 58 3b 3a 1b c8 85
    0070  cc 86 bb c2 3f 45 19 fa  9b 38 b1 d6 ae 6c 53 9b

Authenticated Attributes[0]:
  2 attributes:

  Attribute[0]: 1.2.840.113549.1.9.3 (Content Type)
    Value[0][0]:
    Unknown Attribute type
    1.3.6.1.5.5.7.12.2 CMC Data
    0000  06 08 2b 06 01 05 05 07  0c 02                     ..+.......

  Attribute[1]: 1.2.840.113549.1.9.4 (Message Digest)
    Value[1][0]:
    Unknown Attribute type
    Message Digest(certutil):
        76 5f 2c 3f 9f bb 3e be 34 49 e8 fa 9c 19 d9 92 a8 1f da 56
    0000  04 14 76 5f 2c 3f 9f bb  3e be 34 49 e8 fa 9c 19   ..v_,?..>.4I....
    0010  d9 92 a8 1f da 56                                  .....V

Unauthenticated Attributes[0]:
  0 attributes:

Computed Hash: 27 50 32 b5 c6 25 2e d4 2f 14 92 ae 7c 15 60 d3 0a 62 c4 21
Signing Certificate Index: 0
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwRevocationFreshnessTime: 1 Days, 7 Hours, 8 Minutes, 51 Seconds

SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwRevocationFreshnessTime: 1 Days, 7 Hours, 8 Minutes, 51 Seconds

CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0
  Issuer: CN=JDOMCSC Longhorn Enterprise Root CA, O=Microsoft
  NotBefore: 5/4/2006 6:31 PM
  NotAfter: 5/3/2008 6:31 PM
  Subject: CN=Administrator, CN=Users, DC=jdomcsc, DC=nttest, DC=microsoft, DC=com
  Serial: 588cf81a000000000b57
  SubjectAltName: Other Name:Principal Name=Administrator@jdomcsc.nttest.microsoft.com
  Template: EnrollmentAgent
  4c 63 a9 53 fb 51 11 c9 20 5b 93 cb 36 da 9e 4b 2c 64 3d ea
  Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    CRL 52:
    Issuer: CN=JDOMCSC Longhorn Enterprise Root CA, O=Microsoft
    6b a0 09 df 7c a5 1f 00 62 a0 b7 31 4f c2 9b 3e 40 97 cc 2b
    Delta CRL 52:
    Issuer: CN=JDOMCSC Longhorn Enterprise Root CA, O=Microsoft
    65 34 cc 62 35 11 04 f5 df 50 0a 84 3e 7a da 13 69 a2 11 f6
  Application[0] = 1.3.6.1.4.1.311.20.2.1 Certificate Request Agent

CertContext[0][1]: dwInfoStatus=10c dwErrorStatus=0
  Issuer: CN=JDOMCSC Longhorn Enterprise Root CA, O=Microsoft
  NotBefore: 3/15/2006 11:33 AM
  NotAfter: 3/15/2011 11:43 AM
  Subject: CN=JDOMCSC Longhorn Enterprise Root CA, O=Microsoft
  Serial: 1a527b5929af2eb640ada1d7beecd805
  Template: CA
  b3 c9 0e c6 08 94 7b f7 b2 b9 f2 86 3f 54 9e 82 71 2c fa a0
  Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
  Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)

Exclude leaf cert:
  23 02 10 d9 b1 52 54 92 56 3e f4 0b 0a 36 a9 95 63 94 2d 24
Full chain:
##   f4 6c 8d 29 e2 f0 ba 15 37 f3 2e d1 20 4a f7 18 07 e7 4d 0a

Verified Issuance Policies: None
Verified Application Policies:
    1.3.6.1.4.1.311.20.2.1 Certificate Request Agent

Signer Info[1]:
Signature matches Public Key
CMSG_SIGNER_INFO_PKCS_1_5_VERSION(1)
CERT_ID_ISSUER_SERIAL_NUMBER(1)
    Serial Number: 588cf81a000000000b57
    Issuer:
        CN=JDOMCSC Longhorn Enterprise Root CA
        O=Microsoft
    Subject:
        CN=Administrator
        CN=Users
        DC=jdomcsc
        DC=nttest
        DC=microsoft
        DC=com
Hash Algorithm:
    Algorithm ObjectId: 1.3.14.3.2.26 sha1 (sha1NoSign)
    Algorithm Parameters: NULL
Encrypted Hash Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
    Algorithm Parameters: NULL
Encrypted Hash:
    0000  7b 2f 3c e3 36 bd 07 73  3a 00 8b 72 33 6e f4 6e
    0010  b9 fb 26 c0 1b b0 fe 0b  f3 7f 16 3d 49 68 32 dc
    0020  23 f5 4f b9 17 49 26 7f  9f b8 b6 c3 0d fb 20 a2
    0030  a5 0f c1 bc af fe dd 4e  6b 61 e3 01 a1 76 7a 90
    0040  bc 38 1e ae e4 aa 62 2c  7e 7d fb f1 bb 52 b8 e7
    0050  47 29 13 f2 e1 42 e7 4c  62 37 22 14 10 ff 70 cc
    0060  c4 e8 b1 b9 72 5a cb 58  28 45 e3 74 49 6c 50 e9
    0070  ee b0 31 95 7f 43 9e fa  7e 03 b5 c1 88 79 c2 ba

Authenticated Attributes[1]:
  2 attributes:

  Attribute[0]: 1.2.840.113549.1.9.3 (Content Type)
    Value[0][0]:
    Unknown Attribute type
    1.3.6.1.5.5.7.12.2 CMC Data
    0000  06 08 2b 06 01 05 05 07  0c 02                     ..+.......

  Attribute[1]: 1.2.840.113549.1.9.4 (Message Digest)
    Value[1][0]:
    Unknown Attribute type
    Message Digest(certutil):
        76 5f 2c 3f 9f bb 3e be 34 49 e8 fa 9c 19 d9 92 a8 1f da 56
    0000  04 14 76 5f 2c 3f 9f bb  3e be 34 49 e8 fa 9c 19   ..v_,?..>.4I....
    0010  d9 92 a8 1f da 56                                  .....V

Unauthenticated Attributes[1]:
  0 attributes:

Computed Hash: 27 50 32 b5 c6 25 2e d4 2f 14 92 ae 7c 15 60 d3 0a 62 c4 21
No Recipient

Certificates:
================ Begin Nesting Level 1 ================
Element 0:
X509 Certificate:
Version: 3
Serial Number: 588cf81a000000000b57
    57 0b 00 00 00 00 1a f8  8c 58
Signature Algorithm:
    Algorithm ObjectId: 1.2.840.10045.4.3.3 ECDSA SHA-384(certlib) (sha384ECDSA)
    Algorithm Parameters: NULL
Issuer:
    CN=JDOMCSC Longhorn Enterprise Root CA
    O=Microsoft
    [0,0]: CERT_RDN_PRINTABLE_STRING, Length = 9 (9/64 Characters)
        2.5.4.10 Organization (O)="Microsoft"

        4d 69 63 72 6f 73 6f 66  74                        Microsoft

        4d 00 69 00 63 00 72 00  6f 00 73 00 6f 00 66 00   M.i.c.r.o.s.o.f.
        74 00                                              t.

    [1,0]: CERT_RDN_PRINTABLE_STRING, Length = 35 (35/64 Characters)
        2.5.4.3 Common Name (CN)="JDOMCSC Longhorn Enterprise Root CA"

        4a 44 4f 4d 43 53 43 20  4c 6f 6e 67 68 6f 72 6e   JDOMCSC Longhorn
        20 45 6e 74 65 72 70 72  69 73 65 20 52 6f 6f 74    Enterprise Root
        20 43 41                                            CA

        4a 00 44 00 4f 00 4d 00  43 00 53 00 43 00 20 00   J.D.O.M.C.S.C. .
        4c 00 6f 00 6e 00 67 00  68 00 6f 00 72 00 6e 00   L.o.n.g.h.o.r.n.
        20 00 45 00 6e 00 74 00  65 00 72 00 70 00 72 00    .E.n.t.e.r.p.r.
        69 00 73 00 65 00 20 00  52 00 6f 00 6f 00 74 00   i.s.e. .R.o.o.t.
        20 00 43 00 41 00                                   .C.A.


NotBefore: 5/4/2006 6:31 PM
NotAfter: 5/3/2008 6:31 PM

Subject:
    CN=Administrator
    CN=Users
    DC=jdomcsc
    DC=nttest
    DC=microsoft
    DC=com
    [0,0]: CERT_RDN_IA5_STRING, Length = 3 (3/128 Characters)
        0.9.2342.19200300.100.1.25 Domain Component (DC)="com"

        63 6f 6d                                           com

        63 00 6f 00 6d 00                                  c.o.m.

    [1,0]: CERT_RDN_IA5_STRING, Length = 9 (9/128 Characters)
        0.9.2342.19200300.100.1.25 Domain Component (DC)="microsoft"

        6d 69 63 72 6f 73 6f 66  74                        microsoft

        6d 00 69 00 63 00 72 00  6f 00 73 00 6f 00 66 00   m.i.c.r.o.s.o.f.
        74 00                                              t.

    [2,0]: CERT_RDN_IA5_STRING, Length = 6 (6/128 Characters)
        0.9.2342.19200300.100.1.25 Domain Component (DC)="nttest"

        6e 74 74 65 73 74                                  nttest

        6e 00 74 00 74 00 65 00  73 00 74 00               n.t.t.e.s.t.

    [3,0]: CERT_RDN_IA5_STRING, Length = 7 (7/128 Characters)
        0.9.2342.19200300.100.1.25 Domain Component (DC)="jdomcsc"

        6a 64 6f 6d 63 73 63                               jdomcsc

        6a 00 64 00 6f 00 6d 00  63 00 73 00 63 00         j.d.o.m.c.s.c.

    [4,0]: CERT_RDN_PRINTABLE_STRING, Length = 5 (5/64 Characters)
        2.5.4.3 Common Name (CN)="Users"

        55 73 65 72 73                                     Users

        55 00 73 00 65 00 72 00  73 00                     U.s.e.r.s.

    [5,0]: CERT_RDN_PRINTABLE_STRING, Length = 13 (13/64 Characters)
        2.5.4.3 Common Name (CN)="Administrator"

        41 64 6d 69 6e 69 73 74  72 61 74 6f 72            Administrator

        41 00 64 00 6d 00 69 00  6e 00 69 00 73 00 74 00   A.d.m.i.n.i.s.t.
        72 00 61 00 74 00 6f 00  72 00                     r.a.t.o.r.


Public Key Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
    Algorithm Parameters:
    05 00
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
    0000  30 81 89 02 81 81 00 bf  1a 3f 63 bf 9e 24 bc 10
    0010  d9 28 63 c9 4b cf 29 d9  c5 70 28 93 8a ce e7 14
    0020  68 d5 b7 20 eb 60 f2 d9  81 19 3a 98 b8 66 85 58
    0030  31 6b 53 4b 03 b9 f3 e5  bf 85 12 11 c5 a2 9e 09
    0040  7a f7 c7 ad 8f 65 77 c1  d5 7e fd c0 48 6c 92 0c
    0050  d1 06 cd b7 86 55 b4 8e  a7 6b 8d 00 e6 13 4b 54
    0060  63 17 a5 12 13 2f 9e 32  0e 2d c7 22 09 47 e6 e9
    0070  34 77 1e 94 84 18 16 05  0d 3e da 42 8f 84 fd 65
    0080  ea 1d c4 93 f9 7d 19 02  03 01 00 01
Certificate Extensions: 8
    1.3.6.1.4.1.311.20.2: Flags = 0, Length = 20
    Certificate Template Name (Certificate Type)
        EnrollmentAgent

    0000  1e 1e 00 45 00 6e 00 72  00 6f 00 6c 00 6c 00 6d   ...E.n.r.o.l.l.m
    0010  00 65 00 6e 00 74 00 41  00 67 00 65 00 6e 00 74   .e.n.t.A.g.e.n.t

    2.5.29.37: Flags = 0, Length = e
    Enhanced Key Usage
        Certificate Request Agent (1.3.6.1.4.1.311.20.2.1)

    0000  30 0c 06 0a 2b 06 01 04  01 82 37 14 02 01         0...+.....7...

    2.5.29.15: Flags = 0, Length = 4
    Key Usage
        Digital Signature (80)

    0000  03 02 07 80                                        ....

    2.5.29.14: Flags = 0, Length = 16
    Subject Key Identifier
        9f ad 2e 19 53 07 d5 d3 34 b9 66 75 65 0e 19 85 00 3a 26 7d

    0000  04 14 9f ad 2e 19 53 07  d5 d3 34 b9 66 75 65 0e   ......S...4.fue.
    0010  19 85 00 3a 26 7d                                  ...:&}

    2.5.29.35: Flags = 0, Length = 18
    Authority Key Identifier
        KeyID=16 a1 b0 9e 8f 4f ee 2e d4 25 07 90 2b 89 37 21 70 c7 d6 65

    0000  30 16 80 14 16 a1 b0 9e  8f 4f ee 2e d4 25 07 90   0........O...%..
    0010  2b 89 37 21 70 c7 d6 65                            +.7!p..e

    2.5.29.31: Flags = 0, Length = 166
    CRL Distribution Points
        [1]CRL Distribution Point
             Distribution Point Name:
                  Full Name:
                       URL=ldap:///CN=JDOMCSC%20Longhorn%20Enterprise%20Root%20CA,CN=JAYTEST7,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=jdomcsc,DC=nttest,DC=microsoft,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint
                       URL=https://jaytest7.jdomcsc.nttest.microsoft.com/CertEnroll/JDOMCSC%20Longhorn%20Enterprise%20Root%20CA.crl

    0000  30 82 01 62 30 82 01 5e  a0 82 01 5a a0 82 01 56   0..b0..^...Z...V
    0010  86 81 ea 6c 64 61 70 3a  2f 2f 2f 43 4e 3d 4a 44   ...ldap:///CN=JD
    0020  4f 4d 43 53 43 25 32 30  4c 6f 6e 67 68 6f 72 6e   OMCSC%20Longhorn
    0030  25 32 30 45 6e 74 65 72  70 72 69 73 65 25 32 30   %20Enterprise%20
    0040  52 6f 6f 74 25 32 30 43  41 2c 43 4e 3d 4a 41 59   Root%20CA,CN=JAY
    0050  54 45 53 54 37 2c 43 4e  3d 43 44 50 2c 43 4e 3d   TEST7,CN=CDP,CN=
    0060  50 75 62 6c 69 63 25 32  30 4b 65 79 25 32 30 53   Public%20Key%20S
    0070  65 72 76 69 63 65 73 2c  43 4e 3d 53 65 72 76 69   ervices,CN=Servi
    0080  63 65 73 2c 43 4e 3d 43  6f 6e 66 69 67 75 72 61   ces,CN=Configura
    0090  74 69 6f 6e 2c 44 43 3d  6a 64 6f 6d 63 73 63 2c   tion,DC=jdomcsc,
    00a0  44 43 3d 6e 74 74 65 73  74 2c 44 43 3d 6d 69 63   DC=nttest,DC=mic
    00b0  72 6f 73 6f 66 74 2c 44  43 3d 63 6f 6d 3f 63 65   rosoft,DC=com?ce
    00c0  72 74 69 66 69 63 61 74  65 52 65 76 6f 63 61 74   rtificateRevocat
    00d0  69 6f 6e 4c 69 73 74 3f  62 61 73 65 3f 6f 62 6a   ionList?base?obj
    00e0  65 63 74 43 6c 61 73 73  3d 63 52 4c 44 69 73 74   ectClass=cRLDist
    00f0  72 69 62 75 74 69 6f 6e  50 6f 69 6e 74 86 67 68   ributionPoint.gh
    0100  74 74 70 3a 2f 2f 6a 61  79 74 65 73 74 37 2e 6a   ttp://jaytest7.j
    0110  64 6f 6d 63 73 63 2e 6e  74 74 65 73 74 2e 6d 69   domcsc.nttest.mi
    0120  63 72 6f 73 6f 66 74 2e  63 6f 6d 2f 43 65 72 74   crosoft.com/Cert
    0130  45 6e 72 6f 6c 6c 2f 4a  44 4f 4d 43 53 43 25 32   Enroll/JDOMCSC%2
    0140  30 4c 6f 6e 67 68 6f 72  6e 25 32 30 45 6e 74 65   0Longhorn%20Ente
    0150  72 70 72 69 73 65 25 32  30 52 6f 6f 74 25 32 30   rprise%20Root%20
    0160  43 41 2e 63 72 6c                                  CA.crl

    1.3.6.1.5.5.7.1.1: Flags = 0, Length = 185
    Authority Information Access
        [1]Authority Info Access
             Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
             Alternative Name:
                  URL=ldap:///CN=JDOMCSC%20Longhorn%20Enterprise%20Root%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=jdomcsc,DC=nttest,DC=microsoft,DC=com?cACertificate?base?objectClass=certificationAuthority
        [2]Authority Info Access
             Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
             Alternative Name:
                  URL=https://jaytest7.jdomcsc.nttest.microsoft.com/CertEnroll/JAYTEST7.jdomcsc.nttest.microsoft.com_JDOMCSC%20Longhorn%20Enterprise%20Root%20CA.crt

    0000  30 82 01 81 30 81 e1 06  08 2b 06 01 05 05 07 30   0...0....+.....0
    0010  02 86 81 d4 6c 64 61 70  3a 2f 2f 2f 43 4e 3d 4a   ....ldap:///CN=J
    0020  44 4f 4d 43 53 43 25 32  30 4c 6f 6e 67 68 6f 72   DOMCSC%20Longhor
    0030  6e 25 32 30 45 6e 74 65  72 70 72 69 73 65 25 32   n%20Enterprise%2
    0040  30 52 6f 6f 74 25 32 30  43 41 2c 43 4e 3d 41 49   0Root%20CA,CN=AI
    0050  41 2c 43 4e 3d 50 75 62  6c 69 63 25 32 30 4b 65   A,CN=Public%20Ke
    0060  79 25 32 30 53 65 72 76  69 63 65 73 2c 43 4e 3d   y%20Services,CN=
    0070  53 65 72 76 69 63 65 73  2c 43 4e 3d 43 6f 6e 66   Services,CN=Conf
    0080  69 67 75 72 61 74 69 6f  6e 2c 44 43 3d 6a 64 6f   iguration,DC=jdo
    0090  6d 63 73 63 2c 44 43 3d  6e 74 74 65 73 74 2c 44   mcsc,DC=nttest,D
    00a0  43 3d 6d 69 63 72 6f 73  6f 66 74 2c 44 43 3d 63   C=microsoft,DC=c
    00b0  6f 6d 3f 63 41 43 65 72  74 69 66 69 63 61 74 65   om?cACertificate
    00c0  3f 62 61 73 65 3f 6f 62  6a 65 63 74 43 6c 61 73   ?base?objectClas
    00d0  73 3d 63 65 72 74 69 66  69 63 61 74 69 6f 6e 41   s=certificationA
    00e0  75 74 68 6f 72 69 74 79  30 81 9a 06 08 2b 06 01   uthority0....+..
    00f0  05 05 07 30 02 86 81 8d  68 74 74 70 3a 2f 2f 6a   ...0....https://j
    0100  61 79 74 65 73 74 37 2e  6a 64 6f 6d 63 73 63 2e   aytest7.jdomcsc.
    0110  6e 74 74 65 73 74 2e 6d  69 63 72 6f 73 6f 66 74   nttest.microsoft
    0120  2e 63 6f 6d 2f 43 65 72  74 45 6e 72 6f 6c 6c 2f   .com/CertEnroll/
    0130  4a 41 59 54 45 53 54 37  2e 6a 64 6f 6d 63 73 63   JAYTEST7.jdomcsc
    0140  2e 6e 74 74 65 73 74 2e  6d 69 63 72 6f 73 6f 66   .nttest.microsof
    0150  74 2e 63 6f 6d 5f 4a 44  4f 4d 43 53 43 25 32 30   t.com_JDOMCSC%20
    0160  4c 6f 6e 67 68 6f 72 6e  25 32 30 45 6e 74 65 72   Longhorn%20Enter
    0170  70 72 69 73 65 25 32 30  52 6f 6f 74 25 32 30 43   prise%20Root%20C
    0180  41 2e 63 72 74                                     A.crt

    2.5.29.17: Flags = 0, Length = 3e
    Subject Alternative Name
        Other Name:
             Principal Name=Administrator@jdomcsc.nttest.microsoft.com
    AltName: 1 entries:
    AltName[0] CERT_ALT_NAME_OTHER_NAME: 1.3.6.1.4.1.311.20.2.3 Principal Name: 
      CERT_RDN_UTF8_STRING, Length = 42 (42 Characters)
        "Administrator@jdomcsc.nttest.microsoft.com"

        41 64 6d 69 6e 69 73 74  72 61 74 6f 72 40 6a 64   Administrator@jd
        6f 6d 63 73 63 2e 6e 74  74 65 73 74 2e 6d 69 63   omcsc.nttest.mic
        72 6f 73 6f 66 74 2e 63  6f 6d                     rosoft.com

        41 00 64 00 6d 00 69 00  6e 00 69 00 73 00 74 00   A.d.m.i.n.i.s.t.
        72 00 61 00 74 00 6f 00  72 00 40 00 6a 00 64 00   r.a.t.o.r.@.j.d.
        6f 00 6d 00 63 00 73 00  63 00 2e 00 6e 00 74 00   o.m.c.s.c...n.t.
        74 00 65 00 73 00 74 00  2e 00 6d 00 69 00 63 00   t.e.s.t...m.i.c.
        72 00 6f 00 73 00 6f 00  66 00 74 00 2e 00 63 00   r.o.s.o.f.t...c.
        6f 00 6d 00                                        o.m.


    0000  30 3c a0 3a 06 0a 2b 06  01 04 01 82 37 14 02 03   0<.:..+.....7...
    0010  a0 2c 0c 2a 41 64 6d 69  6e 69 73 74 72 61 74 6f   .,.*Administrato
    0020  72 40 6a 64 6f 6d 63 73  63 2e 6e 74 74 65 73 74   r@jdomcsc.nttest
    0030  2e 6d 69 63 72 6f 73 6f  66 74 2e 63 6f 6d         .microsoft.com

Signature Algorithm:
    Algorithm ObjectId: 1.2.840.10045.4.3.3 ECDSA SHA-384(certlib) (sha384ECDSA)
    Algorithm Parameters: NULL
Signature: UnusedBits=0
    0000  df db 4e b7 c5 d1 a0 20  67 c5 35 9f 94 5c 81 0b
    0010  57 0d f1 62 38 81 1a c8  d6 dc 19 c8 1f ae 07 17
    0020  fe 71 cd 3e 00 18 a4 9d  cc ab 5b 95 bf 03 16 4d
    0030  30 02 3e df 67 d9 b2 51  d7 35 9b 26 16 23 02 13
    0040  31 28 e7 11 26 58 9b 04  93 f3 76 0b e8 8b 58 5d
    0050  9d cc a4 c1 d7 3e f2 be  d8 b5 c0 ea 44 6a 0c 4b
    0060  2b 61 30 02 64 30
Non-root Certificate
Key Id Hash(rfc-sha1): 9f ad 2e 19 53 07 d5 d3 34 b9 66 75 65 0e 19 85 00 3a 26 7d
Key Id Hash(sha1): a3 00 d8 b3 30 12 26 94 05 a4 76 17 40 11 41 fd ab de 92 a1
Cert Hash(md5): e6 37 c0 39 b7 8b 88 e3 cf 54 6e eb 13 a9 9b d8
Cert Hash(sha1): 4c 63 a9 53 fb 51 11 c9 20 5b 93 cb 36 da 9e 4b 2c 64 3d ea
----------------  End Nesting Level 1  ----------------
No CRLs
CertUtil: -dump command completed successfully.

示例请求