2.2.2.9 X.509 Certificate Extensions

License information stored in the client license store contains the certificates and the associated certificate chain generated by a license server. Certificates that license servers issue to terminal servers and Remote Desktop clients conform to the X.509 Version 3 format (see [[RFC3280]]) and are signed using the object identifier (OID) "1.3.14.3.2.29" (OID_OIWSEC_sha1RSASign) (for more information, see [[MSDN-CAI]]). The certificates generated by the license server include the following extension OIDs:

• "1.3.6.1.4.1.311.18.4" (szOID_PKIX_HYDRA_CERT_VERSION)

• "1.3.6.1.4.1.311.18.2" (szOID_PKIX_MANUFACTURER)

• "1.3.6.1.4.1.311.18.5" (szOID_PKIX_LICENSED_PRODUCT_INFO)

• "1.3.6.1.4.1.311.18.6" (szOID_PKIX_MS_LICENSE_SERVER_INFO)

• "1.3.6.1.4.1.311.18.7" (szOID_PKIS_PRODUCT_SPECIFIC_OID)

More than one license can be issued to a given client. In this case the license store of the client contains multiple licenses as leaf nodes, each of these licenses being issued by the same license server or different license servers.

The license server certificate can be either a self-signed certificate or a certificate issued by the clearing house.