Values for the following elements of the Request table SHOULD be maintained by the CA:
Request_Key_Recovery_Hashes: Column name "Request.KeyRecoveryHashes". Unique identifiers of the key recovery agent (KRA) certificates that are required to retrieve an archived private key.
Request_Raw_Old_Certificate: Column name "Request.RawOldCertificate". In the case of a renewal, the preceding certificate.
Request_Request_Attributes: Column name "Request.RequestAttributes". The certificate request attributes as defined in [MS-WCCE].
Request_Request_Type: Column name "Request.RequestType". The type or format of a certificate request, such as PKCS#10 or the Cryptographic Message Syntax (CMS) standard with Common Messaging Calls (CMC) as specified in [RFC2797].
Request_Request_Flags: Column name "Request.RequestFlags". Additional certificate request information.
The following are examples of request flag values. These flag values can be used in any combination.

| Name | Value | Description |
| --- | --- | --- |
| CR_FLG_FORCETELETEX | 0x00000001 | For encoding of the subject information in the certificate, a T61String type is used for elements that contain a Unicode character in the value. |
| CR_FLG_RENEWAL | 0x00000002 | The certificate request is a renewal request. |
| CR_FLG_FORCEUTF8 | 0x00000004 | For encoding of the subject information in the certificate, a UTF8String type is used for elements that contain a Unicode character in the value. |
| CR_FLG_CAXCHGCERT | 0x00000008 | The certificate is the exchange certificate of the CA. |
| CR_FLG_ENROLLONBEHALFOF | 0x00000010 | The certificate request is an Enroll-on-behalf-of request. |
| CR_FLG_SUBJECTUNMODIFIED | 0x00000020 | The subject information in the certificate is an unmodified binary copy of the subject information from the certificate request. |
| CR_FLG_VALIDENCRYPTEDKEYHASH | 0x00000040 | For a certificate request with key archival, the CMC Full response includes the szOID_ENCRYPTED_KEY_HASH attribute. |
| CR_FLG_CACROSSCERT | 0x00000080 | The certificate is the cross certificate of the CA. |
| CR_FLG_ENFORCEUTF8 | 0x00000100 | For encoding of the subject information in the certificate, a UTF8String type is used for directory string elements. |
| CR_FLG_DEFINEDCACERT | 0x00000200 | The certificate request contains an Authority Key Identifier extension that identifies the desired CA signing key for the certificate. |
| CR_FLG_CHALLENGEPENDING * | 0x00000400 | An attestation challenge ([MS-WCCE] section 3.2.2.6.2.1.2.6) for the corresponding certificate request has been sent to the client, and the server is waiting for a response. |
| CR_FLG_CHALLENGESATISFIED * | 0x00000800 | The client responded correctly to the attestation challenge for the corresponding certificate request ([MS-WCCE] section 3.2.2.6.2.1.2.7). |
| CR_FLG_TRUSTONUSE * | 0x00001000 | Verification of the requester's credentials for key attestation has succeeded ([MS-WCCE] section 3.2.2.6.2.1.2.5). |
| CR_FLG_TRUSTEKCERT * | 0x00002000 | Verification of the client's TPM hardware certificate for key attestation has succeeded ([MS-WCCE] section 3.2.2.6.2.1.2.5). |
| CR_FLG_TRUSTEKKEY * | 0x00004000 | Verification of the public key of the client's TPM's hardware key pair for key attestation has succeeded ([MS-WCCE] section 3.2.2.6.2.1.2.5). |
| CR_FLG_PUBLISHERROR | 0x80000000 | The CA had difficulty publishing the certificate to the directory that is specified in the userCertificate attribute of the entity. |

* Support for these flags is specified in the following product behavior note.<6>
Request_Status_Code: Column name "Request.StatusCode". Indicates whether the request was successful.
The value is 0 if the request processed successfully. Otherwise, this field contains an error code that results from request processing. Error codes are as specified in section 2.2.5 of this document and in [MS-ERREF].
Request_Disposition_Message: Column name "Request.DispositionMessage". The text description of Request_Disposition. Request_Disposition_Message is for presentation to a user and can contain any text string, including NULL, that the implementer considers informative.
Request_Submitted_When: Column name "Request.SubmittedWhen". The CERTTIME that a request was received by the CA.
Request_Resolved_When: Column name "Request.ResolvedWhen". The CERTTIME that the CA completed request processing (whether successfully or unsuccessfully).
Request_Revoked_When: Column name "Request.RevokedWhen". The CERTTIME that the CA processed a call to the ICertAdminD::RevokeCertificate function. This field is initialized as NULL and updated by the ICertAdminD::RevokeCertificate function.
Request_Requester_Name: Column name "Request.RequesterName". The RequesterName that is included in the certificate request.
Request_Caller_Name: Column name "Request.CallerName". The user or machine context that submitted the certificate request to the CA.
Request_Signer_Policies: Column name "Request.SignerPolicies". The list of valid certificate policy OIDs (1) for each signer certificate from the certificate request.
Request_Signer_Application_Policies: Column name "Request.SignerApplicationPolicies". The list of valid Extended Key Usage OIDs (1) for each signer certificate from the certificate request.
Request_Officer: Column name "Request.Officer". Indicates whether the caller is the certificate manager of the entity that corresponds to the Request_Requester_Name.
Request_Distinguished_Name: Column name "Request.DistinguishedName". The distinguished name (DN) from the Subject attribute of the certificate request (string representation).
Request_Raw_Name: Column name "Request.RawName". Subject information from the certificate request (ASN.1 DER encoded).
Request_Country: Column name "Request.Country". The country attribute of the DN from the Subject of the certificate request.
Request_Organization: Column name "Request.Organization". The organization attribute of the DN from the Subject of the certificate request.
Request_Org_Unit: Column name "Request.OrgUnit". The organizational-unit attribute of the DN from the Subject of the certificate request.
Request_Common_Name: Column name "Request.CommonName". The common name attribute of the DN from the Subject of the certificate request.
Request_Locality: Column name "Request.Locality". The locality attribute of the DN from the Subject of the certificate request.
Request_State: Column name "Request.State". The state or province name attribute of the DN from the Subject of the certificate request.
Request_Title: Column name "Request.Title". The title attribute of the DN from the Subject of the certificate request.
Request_Given_Name: Column name "Request.GivenName". The given name (also called first name) attribute of the DN from the Subject of the certificate request.
Request_Initials: Column name "Request.Initials". The initials attribute of the DN from the Subject of the certificate request.
Request_SurName: Column name "Request.SurName". The surname attribute of the DN from the Subject of the certificate request.
Request_Domain_Component: Column name "Request.DomainComponent". The domainComponent attribute of the DN from the Subject of the certificate request.
Request_Email: Column name "Request.EMail". The EmailAddress attribute of the DN from the Subject of the certificate request.
Request_Street_Address: Column name "Request.StreetAddress". The street address attribute of the DN from the Subject of the certificate request.
Request_Unstructured_Name: Column name "Request.UnstructuredName". The unstructured name attribute of the DN from the Subject of the certificate request.
Request_Unstructured_Address: Column name "Request.UnstructuredAddress". The unstructured address attribute of the DN from the Subject of the certificate request.
Request_Device_Serial_Number: Column name "Request.DeviceSerialNumber". The device serial number attribute of the DN from the Subject of the certificate request.
Request_RequesterName_From_Old_Certificate: Column name "Request.RequesterNameFromOldCertificate". For a renewal request that is signed by the previously issued certificate, the subject name of the old certificate.<7>
Request_Attestation_Challenge: Column name "Request.AttestationChallenge". The secret passed to the client in the attestation challenge message, encrypted with the CA exchange certificate.
Request_Endorsement_Key_Hash: Column name "Request.EndorsementKeyHash". The SHA-2 hash of the hardware key that was used to TPM-attest the request.
Request_Endorsement_Certificate_Hash: Column name "Request.EndorsementCertificateHash". The SHA-2 hash of the hardware certificate used to TPM-attest the request.
Request_Binary_Linter_Certificate: Column name "Request.LinterCertificate". The pre-signed certificate that was returned to the client. See section 3.1.4.1.3 and [MS-WCCE] section 3.2.1.4.2.1.4.8.1.<8>
Request_ID: Column name "RequestID". The RequestID that corresponds to an issued certificate.
Certificate_Hash: Column name "CertificateHash". The SHA-1 hash over the value of the Raw_Certificate column.
Certificate_Template: Column name "CertificateTemplate". The extnValue of the extension with OID (1) 1.3.6.1.4.1.311.20.2 of the issued certificate.
Enrollment_Flags: Column name "EnrollmentFlags". The values that are defined in "EnrollmentFlags" from [MS-CRTD].
General_Flags: Column name "GeneralFlags". The values that are defined in "GeneralFlags" from [MS-CRTD].
Issuer_Name_Id: Column name "IssuerNameId". A sequential number that indicates which CA key signed the issued certificate.
Not_Before: Column name "NotBefore". The CERTTIME that provides the value for the Validity->notBefore field ([RFC3280] section 4.1.2.5) of the issued certificate.
Not_After: Column name "NotAfter". The CERTTIME that provides the value for the Validity->notAfter field ([RFC3280] section 4.1.2.5) of the issued certificate.
Subject_Key_Identifier: Column name "SubjectKeyIdentifier". The SubjectKeyIdentifier extension ([RFC3280] section 4.2.1.2) of the issued certificate.
Raw_Public_Key: Column name "RawPublicKey". The SubjectPublicKeyInfo->subjectPublicKey field [RFC3280] of the issued certificate.
Public_Key_Length: Column name "PublicKeyLength". The length of the SubjectPublicKeyInfo->subjectPublicKey field of the issued certificate.
Public_Key_Algorithm: Column name "PublicKeyAlgorithm". The SubjectPublicKeyInfo->algorithm->algorithm field of the issued certificate.
Raw_Public_Key_Algorithm_Parameters: Column name "RawPublicKeyAlgorithmParameters". The SubjectPublicKeyInfo->algorithm->parameters field of the issued certificate.
UPN: Column name "UPN". The UPN alternate name entry from the SubjectAltName extension in the certificate.
Distinguished_Name: Column name "DistinguishedName". The Subject field ([RFC3280] section 4.1.2.6) of the issued certificate (string representation).
Raw_Name: Column name "RawName". The Subject information of the issued certificate (ASN.1 DER encoded).
Country: Column name "Country". The country attribute of the certificate Subject.
Organization: Column name "Organization". The organization attribute of the certificate Subject.
Org_Unit: Column name "OrgUnit". The organizational-unit attribute of the certificate Subject.
Common_Name: Column name "CommonName". The common name attribute of the certificate Subject.
Locality: Column name "Locality". The locality attribute of the certificate Subject.
State: Column name "State". The state or province name attribute of the certificate Subject.
Title: Column name "Title". The title attribute of the certificate Subject.
Given_Name: Column name "GivenName". The given name attribute of the certificate Subject.
Initials: Column name "Initials". The initials attribute of the certificate Subject.
SurName: Column name "SurName". The surname attribute of the certificate Subject.
Domain_Component: Column name "DomainComponent". The domainComponent attribute of the certificate Subject.
Email: Column name "EMail". The [RFC822] Name attribute from the Subject Alternative Name of the issued certificate.
Street_Address: Column name "StreetAddress". The street address attribute of the certificate Subject.
Unstructured_Name: Column name "UnstructuredName". The unstructured name attribute of the certificate Subject.
Unstructured_Address: Column name "UnstructuredAddress". The unstructured address attribute of the certificate Subject.
Device_Serial_Number: Column name "DeviceSerialNumber". The serial number attribute of the certificate Subject.
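As an added example (not part of the specification text), the following Python decodes a Request.RequestFlags value with the flag table above and lists the rows an auditor of the CA database would want to look at, using the Request.CallerName and Request.RequesterName columns for enroll-on-behalf-of requests. The row dictionaries, the handling of a signed 32-bit value and the wording of the review notes are assumptions made for illustration.

```python
# Flag names and values copied from the Request.RequestFlags table on this page.
CR_FLAGS = {
    0x00000001: "CR_FLG_FORCETELETEX",
    0x00000002: "CR_FLG_RENEWAL",
    0x00000004: "CR_FLG_FORCEUTF8",
    0x00000008: "CR_FLG_CAXCHGCERT",
    0x00000010: "CR_FLG_ENROLLONBEHALFOF",
    0x00000020: "CR_FLG_SUBJECTUNMODIFIED",
    0x00000040: "CR_FLG_VALIDENCRYPTEDKEYHASH",
    0x00000080: "CR_FLG_CACROSSCERT",
    0x00000100: "CR_FLG_ENFORCEUTF8",
    0x00000200: "CR_FLG_DEFINEDCACERT",
    0x00000400: "CR_FLG_CHALLENGEPENDING",
    0x00000800: "CR_FLG_CHALLENGESATISFIED",
    0x00001000: "CR_FLG_TRUSTONUSE",
    0x00002000: "CR_FLG_TRUSTEKCERT",
    0x00004000: "CR_FLG_TRUSTEKKEY",
    0x80000000: "CR_FLG_PUBLISHERROR",
}
KNOWN_MASK = sum(CR_FLAGS)  # each key is a distinct bit, so the sum equals the OR

def decode_request_flags(raw):
    """Return (flag names, bits not in the table) for a Request.RequestFlags value."""
    value = raw & 0xFFFFFFFF  # assumption: the value may arrive as a signed 32-bit integer
    names = [name for bit, name in CR_FLAGS.items() if value & bit]
    return names, value & ~KNOWN_MASK

def review_row(row):
    """Return review notes for one row, a dict keyed by the page's column names."""
    names, unknown = decode_request_flags(row["Request.RequestFlags"])
    notes = []
    if "CR_FLG_ENROLLONBEHALFOF" in names:
        notes.append("enroll-on-behalf-of: caller=%s requester=%s" % (
            row["Request.CallerName"], row["Request.RequesterName"]))
    if "CR_FLG_CHALLENGEPENDING" in names and "CR_FLG_CHALLENGESATISFIED" not in names:
        notes.append("attestation challenge sent, no correct response recorded")
    if "CR_FLG_PUBLISHERROR" in names:
        notes.append("CA had difficulty publishing the certificate to the directory")
    if unknown:
        notes.append("bits not in the table: 0x%08X" % unknown)
    return notes

# Constructed sample rows (not real CA data); account names are placeholders.
ROWS = [
    {"Request.RequestFlags": 0x14, "Request.CallerName": "EXAMPLE\\agent1", "Request.RequesterName": "EXAMPLE\\alice"},
    {"Request.RequestFlags": 0x400, "Request.CallerName": "EXAMPLE\\pc7$", "Request.RequesterName": "EXAMPLE\\pc7$"},
    {"Request.RequestFlags": -2147483646, "Request.CallerName": "EXAMPLE\\bob", "Request.RequesterName": "EXAMPLE\\bob"},
]
for row in ROWS:
    print(decode_request_flags(row["Request.RequestFlags"])[0], review_row(row))
```

The third row carries 0x80000002 in its signed form, which is why the value is masked to 32 bits before CR_FLG_PUBLISHERROR is tested.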