188.8.131.52.3.1.1 New Certificate Request Using PKCS #10 Request Format
szOID_OS_VERSION (184.108.40.206.4.1.3220.127.116.11): The client SHOULD use this attribute to specify the version information of the client's operating system in the form of a string. <22> The client SHOULD encode the value of this attribute as a IA5String. The format for this attribute is as specified in section 18.104.22.168.
szOID_REQUEST_CLIENT_INFO (22.214.171.124.4.1.311.21.20): Clients SHOULD use this value to pass additional client information such as machine name, user name, and application name. For details see section 126.96.36.199.4.
szOID_CERT_EXTENSIONS (188.8.131.52.4.1.3184.108.40.206): The client SHOULD use this value to pass additional certificate extensions that are to be added to the issued certificate.
szOID_ENROLLMENT_NAME_VALUE_PAIR (220.127.116.11.4.1.318.104.22.168): The client SHOULD use this value to pass additional enrollment information as name-value pair collection. Following are the names that are supported by the protocol and their associated client-processing rules:
SAN: The client SHOULD use this value to pass a string that defines the requested value for the SubjectAltName extension in the issued certificate. Specifications on possible values for this attribute are in section 22.214.171.124.2.1.2.
CertificateUsage: The client SHOULD use this value to pass one or more OIDs that define the requested ExtendedKeyUsage extension for the issued certificate, as specified in [RFC3280] section 126.96.36.199.
ValidityPeriod: The client SHOULD use this value to request the CA to issue the certificate for a specific validity time. For example, if the validity period is three weeks, then the client requests that the issued certificate be valid for three weeks after issuance. If ValidityPeriod is used, the client MUST use it with the ValidityPeriodUnits attribute.
ValidityPeriodUnits: The client SHOULD use this value to send the count of "ValidityPeriod" for the requested validity period for the issued certificate. The client MUST use this attribute with the ValidityPeriod attribute.
rmd: The client SHOULD use this value to identify the exact FQDN of the machine object associated with the request.