CMC Encoded ASN.1
The following example contains a CMC request shown in ASN.1 format. The example was generated by using the Certreq.exe and Certutil.exe tools. The .inf file used as input to Certreq.exe contains the following configuration.
[NewRequest]
Subject="cn=TestCN,o=TestOrg"
RequestType=cmc
[RequestAttributes]
CertificateTemplate=User
The configuration specifies the subject, the type of request (CMC), and the certificate template (User). It generates the sample output shown after the following list. The User template specifies that:
- The request must use either the Microsoft Base Cryptographic Provider v1.0 or the Microsoft Enhanced Cryptographic Provider v1.0.
- The subject name must be built from Active Directory.
- The request includes the Certificate Template Name, Enhanced Key Usage (EKU), and Key Usage extensions. The EKU extension specifies that the issued certificate can be used for Encrypting File System (EFS), secure email, and client authentication.
0000: 30 82 04 df ; SEQUENCE (4df Bytes)
0004: 06 09 ; OBJECT_ID (9 Bytes)
0006: | 2a 86 48 86 f7 0d 01 07 02
| ; 1.2.840.113549.1.7.2 PKCS 7 Signed
000f: a0 82 04 d0 ; OPTIONAL[0] (4d0 Bytes)
0013: 30 82 04 cc ; SEQUENCE (4cc Bytes)
0017: 02 01 ; INTEGER (1 Bytes)
0019: | 03
001a: 31 0b ; SET (b Bytes)
001c: | 30 09 ; SEQUENCE (9 Bytes)
001e: | 06 05 ; OBJECT_ID (5 Bytes)
0020: | | 2b 0e 03 02 1a
| | ; 1.3.14.3.2.26 sha1 (sha1NoSign)
0025: | 05 00 ; NULL (0 Bytes)
0027: 30 82 03 bc ; SEQUENCE (3bc Bytes)
002b: | 06 08 ; OBJECT_ID (8 Bytes)
002d: | | 2b 06 01 05 05 07 0c 02
| | ; 1.3.6.1.5.5.7.12.2 CMC Data
0035: | a0 82 03 ae ; OPTIONAL[0] (3ae Bytes)
0039: | 04 82 03 aa ; OCTET_STRING (3aa Bytes)
003d: | 30 82 03 a6 ; SEQUENCE (3a6 Bytes)
0041: | 30 78 ; SEQUENCE (78 Bytes)
0043: | | 30 76 ; SEQUENCE (76 Bytes)
0045: | | 02 01 ; INTEGER (1 Bytes)
0047: | | | 02
0048: | | 06 0a ; OBJECT_ID (a Bytes)
004a: | | | 2b 06 01 04 01 82 37 0a 0a 01
| | | ; 1.3.6.1.4.1.311.10.10.1 CMC Attributes
0054: | | 31 65 ; SET (65 Bytes)
0056: | | 30 63 ; SEQUENCE (63 Bytes)
0058: | | 02 01 ; INTEGER (1 Bytes)
005a: | | | 00
005b: | | 30 03 ; SEQUENCE (3 Bytes)
005d: | | | 02 01 ; INTEGER (1 Bytes)
005f: | | | 01
0060: | | 31 59 ; SET (59 Bytes)
0062: | | 30 57 ; SEQUENCE (57 Bytes)
0064: | | 06 09 ; OBJECT_ID (9 Bytes)
0066: | | | 2b 06 01 04 01 82 37 15 14
| | | ; 1.3.6.1.4.1.311.21.20 Client Information
006f: | | 31 4a ; SET (4a Bytes)
0071: | | 30 48 ; SEQUENCE (48 Bytes)
0073: | | 02 01 ; INTEGER (1 Bytes)
0075: | | | 09
0076: | | 0c 23 ; UTF8_STRING (23 Bytes)
0078: | | | 76 69 63 68 33 64 2e 6a 64 6f 6d 63 73 63 2e 6e ; vich3d.jdomcsc.n
0088: | | | 74 74 65 73 74 2e 6d 69 63 72 6f 73 6f 66 74 2e ; ttest.microsoft.
0098: | | | 63 6f 6d ; com
| | | ; "vich3d.jdomcsc.nttest.microsoft.com"
009b: | | 0c 15 ; UTF8_STRING (15 Bytes)
009d: | | | 4a 44 4f 4d 43 53 43 5c 61 64 6d 69 6e 69 73 74 ; JDOMCSC\administ
00ad: | | | 72 61 74 6f 72 ; rator
| | | ; "JDOMCSC\administrator"
00b2: | | 0c 07 ; UTF8_STRING (7 Bytes)
00b4: | | 63 65 72 74 72 65 71 ; certreq
| | ; "certreq"
00bb: | 30 82 03 24 ; SEQUENCE (324 Bytes)
00bf: | | a0 82 03 20 ; OPTIONAL[0] (320 Bytes)
00c3: | | 02 01 ; INTEGER (1 Bytes)
00c5: | | | 01
00c6: | | 30 82 03 19 ; SEQUENCE (319 Bytes)
00ca: | | 30 82 02 82 ; SEQUENCE (282 Bytes)
00ce: | | | 02 01 ; INTEGER (1 Bytes)
00d0: | | | | 00
00d1: | | | 30 23 ; SEQUENCE (23 Bytes)
00d3: | | | | 31 0f ; SET (f Bytes)
00d5: | | | | | 30 0d ; SEQUENCE (d Bytes)
00d7: | | | | | 06 03 ; OBJECT_ID (3 Bytes)
00d9: | | | | | | 55 04 03
| | | | | | ; 2.5.4.3 Common Name (CN)
00dc: | | | | | 13 06 ; PRINTABLE_STRING (6 Bytes)
00de: | | | | | 54 65 73 74 43 4e ; TestCN
| | | | | ; "TestCN"
00e4: | | | | 31 10 ; SET (10 Bytes)
00e6: | | | | 30 0e ; SEQUENCE (e Bytes)
00e8: | | | | 06 03 ; OBJECT_ID (3 Bytes)
00ea: | | | | | 55 04 0a
| | | | | ; 2.5.4.10 Organization (O)
00ed: | | | | 13 07 ; PRINTABLE_STRING (7 Bytes)
00ef: | | | | 54 65 73 74 4f 72 67 ; TestOrg
| | | | ; "TestOrg"
00f6: | | | 30 81 9f ; SEQUENCE (9f Bytes)
00f9: | | | | 30 0d ; SEQUENCE (d Bytes)
00fb: | | | | | 06 09 ; OBJECT_ID (9 Bytes)
00fd: | | | | | | 2a 86 48 86 f7 0d 01 01 01
| | | | | | ; 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
0106: | | | | | 05 00 ; NULL (0 Bytes)
0108: | | | | 03 81 8d ; BIT_STRING (8d Bytes)
010b: | | | | 00
010c: | | | | 30 81 89 ; SEQUENCE (89 Bytes)
010f: | | | | 02 81 81 ; INTEGER (81 Bytes)
0112: | | | | | 00
0113: | | | | | af 5e 54 53 58 0d 96 c6 b3 c0 77 3f 3d 6a 01 8a
0123: | | | | | b6 e8 1f 12 ed da b3 f2 3f f3 f0 31 99 61 a1 25
0133: | | | | | bb bf 3b d0 aa ae d5 0f ac 12 a4 30 1f 92 83 e9
0143: | | | | | bd 6f c8 47 6f 57 8e 91 23 ac fa 14 ad 42 b7 f9
0153: | | | | | b1 ab e1 2a 92 7d 76 7a 97 49 95 83 eb c1 07 89
0163: | | | | | 56 a9 16 96 03 1c e4 01 34 ff f0 94 8a 83 f9 68
0173: | | | | | 70 92 d1 59 bf 15 70 0f e8 fd 4b eb 5c e7 9e 1d
0183: | | | | | 4c e6 73 99 12 7e 52 91 92 9b 2e d3 2b 0d 89 65
0193: | | | | 02 03 ; INTEGER (3 Bytes)
0195: | | | | 01 00 01
0198: | | | a0 82 01 b4 ; OPTIONAL[0] (1b4 Bytes)
019c: | | | 30 1a ; SEQUENCE (1a Bytes)
019e: | | | | 06 0a ; OBJECT_ID (a Bytes)
01a0: | | | | | 2b 06 01 04 01 82 37 0d 02 03
| | | | | ; 1.3.6.1.4.1.311.13.2.3 OS Version
01aa: | | | | 31 0c ; SET (c Bytes)
01ac: | | | | 16 0a ; IA5_STRING (a Bytes)
01ae: | | | | 36 2e 30 2e 35 33 36 31 2e 32 ; 6.0.5361.2
| | | | ; "6.0.5361.2"
01b8: | | | 30 42 ; SEQUENCE (42 Bytes)
01ba: | | | | 06 0a ; OBJECT_ID (a Bytes)
01bc: | | | | | 2b 06 01 04 01 82 37 0d 02 01
| | | | | ; 1.3.6.1.4.1.311.13.2.1 Enrollment Name Value Pair
01c6: | | | | 31 34 ; SET (34 Bytes)
01c8: | | | | 30 32 ; SEQUENCE (32 Bytes)
01ca: | | | | 1e 26 ; UNICODE_STRING (26 Bytes)
01cc: | | | | | 00 43 00 65 00 72 00 74 00 69 00 66 00 69 00 63 ; .C.e.r.t.i.f.i.c
01dc: | | | | | 00 61 00 74 00 65 00 54 00 65 00 6d 00 70 00 6c ; .a.t.e.T.e.m.p.l
01ec: | | | | | 00 61 00 74 00 65 ; .a.t.e
| | | | | ; "CertificateTemplate"
01f2: | | | | 1e 08 ; UNICODE_STRING (8 Bytes)
01f4: | | | | 00 55 00 73 00 65 00 72 ; .U.s.e.r
| | | | ; "User"
01fc: | | | 30 57 ; SEQUENCE (57 Bytes)
01fe: | | | | 06 09 ; OBJECT_ID (9 Bytes)
0200: | | | | | 2b 06 01 04 01 82 37 15 14
| | | | | ; 1.3.6.1.4.1.311.21.20 Client Information
0209: | | | | 31 4a ; SET (4a Bytes)
020b: | | | | 30 48 ; SEQUENCE (48 Bytes)
020d: | | | | 02 01 ; INTEGER (1 Bytes)
020f: | | | | | 09
0210: | | | | 0c 23 ; UTF8_STRING (23 Bytes)
0212: | | | | | 76 69 63 68 33 64 2e 6a 64 6f 6d 63 73 63 2e 6e ; vich3d.jdomcsc.n
0222: | | | | | 74 74 65 73 74 2e 6d 69 63 72 6f 73 6f 66 74 2e ; ttest.microsoft.
0232: | | | | | 63 6f 6d ; com
| | | | | ; "vich3d.jdomcsc.nttest.microsoft.com"
0235: | | | | 0c 15 ; UTF8_STRING (15 Bytes)
0237: | | | | | 4a 44 4f 4d 43 53 43 5c 61 64 6d 69 6e 69 73 74 ; JDOMCSC\administ
0247: | | | | | 72 61 74 6f 72 ; rator
| | | | | ; "JDOMCSC\administrator"
024c: | | | | 0c 07 ; UTF8_STRING (7 Bytes)
024e: | | | | 63 65 72 74 72 65 71 ; certreq
| | | | ; "certreq"
0255: | | | 30 74 ; SEQUENCE (74 Bytes)
0257: | | | | 06 0a ; OBJECT_ID (a Bytes)
0259: | | | | | 2b 06 01 04 01 82 37 0d 02 02
| | | | | ; 1.3.6.1.4.1.311.13.2.2 Enrollment CSP
0263: | | | | 31 66 ; SET (66 Bytes)
0265: | | | | 30 64 ; SEQUENCE (64 Bytes)
0267: | | | | 02 01 ; INTEGER (1 Bytes)
0269: | | | | | 01
026a: | | | | 1e 5c ; UNICODE_STRING (5c Bytes)
026c: | | | | | 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 ; .M.i.c.r.o.s.o.f
027c: | | | | | 00 74 00 20 00 45 00 6e 00 68 00 61 00 6e 00 63 ; .t. .E.n.h.a.n.c
028c: | | | | | 00 65 00 64 00 20 00 43 00 72 00 79 00 70 00 74 ; .e.d. .C.r.y.p.t
029c: | | | | | 00 6f 00 67 00 72 00 61 00 70 00 68 00 69 00 63 ; .o.g.r.a.p.h.i.c
02ac: | | | | | 00 20 00 50 00 72 00 6f 00 76 00 69 00 64 00 65 ; . .P.r.o.v.i.d.e
02bc: | | | | | 00 72 00 20 00 76 00 31 00 2e 00 30 ; .r. .v.1...0
| | | | | ; "Microsoft Enhanced Cryptographic Provider v1.0"
02c8: | | | | 03 01 ; BIT_STRING (1 Bytes)
02ca: | | | | 00
02cb: | | | 30 81 82 ; SEQUENCE (82 Bytes)
02ce: | | | 06 09 ; OBJECT_ID (9 Bytes)
02d0: | | | | 2a 86 48 86 f7 0d 01 09 0e
| | | | ; 1.2.840.113549.1.9.14 Certificate Extensions
02d9: | | | 31 75 ; SET (75 Bytes)
02db: | | | 30 73 ; SEQUENCE (73 Bytes)
02dd: | | | 30 17 ; SEQUENCE (17 Bytes)
02df: | | | | 06 09 ; OBJECT_ID (9 Bytes)
02e1: | | | | | 2b 06 01 04 01 82 37 14 02
| | | | | ; 1.3.6.1.4.1.311.20.2 Certificate Template Name (Certificate Type)
02ea: | | | | 04 0a ; OCTET_STRING (a Bytes)
02ec: | | | | 1e 08 00 55 00 73 00 65 00 72 ; ...U.s.e.r
02f6: | | | 30 29 ; SEQUENCE (29 Bytes)
02f8: | | | | 06 03 ; OBJECT_ID (3 Bytes)
02fa: | | | | | 55 1d 25
| | | | | ; 2.5.29.37 Enhanced Key Usage
02fd: | | | | 04 22 ; OCTET_STRING (22 Bytes)
02ff: | | | | 30 20 ; SEQUENCE (20 Bytes)
0301: | | | | 06 0a ; OBJECT_ID (a Bytes)
0303: | | | | | 2b 06 01 04 01 82 37 0a 03 04
| | | | | ; 1.3.6.1.4.1.311.10.3.4 Encrypting File System
030d: | | | | 06 08 ; OBJECT_ID (8 Bytes)
030f: | | | | | 2b 06 01 05 05 07 03 04
| | | | | ; 1.3.6.1.5.5.7.3.4 Secure Email
0317: | | | | 06 08 ; OBJECT_ID (8 Bytes)
0319: | | | | 2b 06 01 05 05 07 03 02
| | | | ; 1.3.6.1.5.5.7.3.2 Client Authentication
0321: | | | 30 0e ; SEQUENCE (e Bytes)
0323: | | | | 06 03 ; OBJECT_ID (3 Bytes)
0325: | | | | | 55 1d 0f
| | | | | ; 2.5.29.15 Key Usage
0328: | | | | 01 01 ; BOOL (1 Bytes)
032a: | | | | | ff
032b: | | | | 04 04 ; OCTET_STRING (4 Bytes)
032d: | | | | 03 02 ; BIT_STRING (2 Bytes)
032f: | | | | 05
0330: | | | | a0
0331: | | | 30 1d ; SEQUENCE (1d Bytes)
0333: | | | 06 03 ; OBJECT_ID (3 Bytes)
0335: | | | | 55 1d 0e
| | | | ; 2.5.29.14 Subject Key Identifier
0338: | | | 04 16 ; OCTET_STRING (16 Bytes)
033a: | | | 04 14 ; OCTET_STRING (14 Bytes)
033c: | | | 36 91 78 7a 2f 0b b7 ef af 06 e2 9c 3c cb 06 51 ; 6.xz/.......<..Q
034c: | | | d8 9d 70 57 ; ..pW
0350: | | 30 0d ; SEQUENCE (d Bytes)
0352: | | | 06 09 ; OBJECT_ID (9 Bytes)
0354: | | | | 2a 86 48 86 f7 0d 01 01 05
| | | | ; 1.2.840.113549.1.1.5 sha1RSA
035d: | | | 05 00 ; NULL (0 Bytes)
035f: | | 03 81 81 ; BIT_STRING (81 Bytes)
0362: | | 00
0363: | | a8 b7 1b 99 76 df c0 ea c3 7f e5 b3 05 ba b9 bc
0373: | | 8a 15 ed fe 29 15 42 a8 0a e1 8c 4d 56 12 45 91
0383: | | 2d a8 09 ae 95 22 6e 0f 6c d5 86 7c d3 66 c6 b4
0393: | | 2d 8a de bb eb f8 6f 91 70 8b bc 01 34 bd 08 8c
03a3: | | 9a e0 2a 55 ce ac f9 1b d7 34 60 8d 74 0e d2 29
03b3: | | 9c 9e 7a ef 81 08 5c 25 16 b2 5f 4b cf 7e 26 54
03c3: | | 7e 39 88 1f d6 83 39 a7 0e b9 56 be 3a 1c dc f3
03d3: | | 46 64 e1 2b 39 4a 88 60 2a 84 b4 5b c7 88 27 62
03e3: | 30 00 ; SEQUENCE (0 Bytes)
03e5: | 30 00 ; SEQUENCE (0 Bytes)
03e7: 31 81 f9 ; SET (f9 Bytes)
03ea: 30 81 f6 ; SEQUENCE (f6 Bytes)
03ed: 02 01 ; INTEGER (1 Bytes)
03ef: | 03
03f0: 80 14 ; CONTEXT_SPECIFIC[0] (14 Bytes)
03f2: | 36 91 78 7a 2f 0b b7 ef af 06 e2 9c 3c cb 06 51 ; 6.xz/.......<..Q
0402: | d8 9d 70 57 ; ..pW
0406: 30 09 ; SEQUENCE (9 Bytes)
0408: | 06 05 ; OBJECT_ID (5 Bytes)
040a: | | 2b 0e 03 02 1a
| | ; 1.3.14.3.2.26 sha1 (sha1NoSign)
040f: | 05 00 ; NULL (0 Bytes)
0411: a0 3e ; OPTIONAL[0] (3e Bytes)
0413: | 30 17 ; SEQUENCE (17 Bytes)
0415: | | 06 09 ; OBJECT_ID (9 Bytes)
0417: | | | 2a 86 48 86 f7 0d 01 09 03
| | | ; 1.2.840.113549.1.9.3 Content Type
0420: | | 31 0a ; SET (a Bytes)
0422: | | 06 08 ; OBJECT_ID (8 Bytes)
0424: | | 2b 06 01 05 05 07 0c 02
| | ; 1.3.6.1.5.5.7.12.2 CMC Data
042c: | 30 23 ; SEQUENCE (23 Bytes)
042e: | 06 09 ; OBJECT_ID (9 Bytes)
0430: | | 2a 86 48 86 f7 0d 01 09 04
| | ; 1.2.840.113549.1.9.4 Message Digest
0439: | 31 16 ; SET (16 Bytes)
043b: | 04 14 ; OCTET_STRING (14 Bytes)
043d: | d1 5d 41 ed 30 cb ca d1 24 0a 57 00 ea 6b 47 a2 ; .]A.0...$.W..kG.
044d: | f8 79 cd 9b ; .y..
0451: 30 0d ; SEQUENCE (d Bytes)
0453: | 06 09 ; OBJECT_ID (9 Bytes)
0455: | | 2a 86 48 86 f7 0d 01 01 01
| | ; 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
045e: | 05 00 ; NULL (0 Bytes)
0460: 04 81 80 ; OCTET_STRING (80 Bytes)
0463: 38 10 60 e2 70 69 91 4a 8b b5 22 57 2a 62 ef de ; 8.`.pi.J.."W*b..
0473: 15 7d 59 d6 4e 20 9a 45 2b e3 fd fc 68 ba af bf ; .}Y.N .E+...h...
0483: 9c 17 b0 8e 6d c4 29 1e e3 21 ac bb 5a 8a c9 67 ; ....m.)..!..Z..g
0493: 0a d4 45 93 10 c0 26 eb 0a 83 c2 b1 40 87 36 f7 ; ..E...&.....@.6.
04a3: a0 26 da b9 bb 46 73 88 7a 67 b9 e6 b3 6f ea 59 ; .&...Fs.zg...o.Y
04b3: 28 8a d3 92 72 f6 7b 89 a0 d8 2d 9e 40 eb 1e bb ; (...r.{...-.@...
04c3: 6e ae f0 5a ed 16 c9 e3 27 59 37 8f f3 4a 98 60 ; n..Z....'Y7..J.`
04d3: f8 fb a7 0a ee 1b 6e 91 95 96 cf 0d 56 ac ab 35 ; ......n.....V..5
CertUtil: -asn command completed successfully.
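The Certificate Extensions attribute in the dump (offsets 02db-034f) can be decoded on its own to review which template and which EKUs a request asks for before a CA acts on it. The Python below is an added example, not part of the original page or of Certutil.exe; the function names are illustrative, and the hex is transcribed from the dump above.

```python
# Added example; bytes transcribed from offsets 02db-034f of the dump (Extensions SEQUENCE).
EXTENSIONS_HEX = (
    "3073301706092b0601040182371402040a1e080055007300650072"
    "30290603551d2504223020060a2b0601040182370a030406082b0601050507030406082b06010505070302"
    "300e0603551d0f0101ff0404030205a0"
    "301d0603551d0e041604143691787a2f0bb7efaf06e29c3ccb0651d89d7057")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one DER element; reject malformed lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("indefinite or oversized length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    pos = 0
    while pos < len(value):  # walk the elements inside a constructed value
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def decode_oid(body):
    arcs, n = [], 0
    for b in body:  # base-128 arcs; a set high bit means more octets follow
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, n = arcs + [n], 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(map(str, head + arcs[1:]))

def parse_extensions(der):
    """Map extension OID -> (critical flag, extnValue contents)."""
    exts = {}
    for _, ext in children(read_tlv(der)[1]):
        fields = list(children(ext))
        exts[decode_oid(fields[0][1])] = (fields[1] == (0x01, b"\xff"), fields[-1][1])
    return exts

def requested_ekus(exts):
    return [decode_oid(v) for _, v in children(read_tlv(exts["2.5.29.37"][1])[1])]

def template_name(exts):  # extnValue wraps a BMPString (tag 0x1e), i.e. UTF-16BE
    return read_tlv(exts["1.3.6.1.4.1.311.20.2"][1])[1].decode("utf-16-be")
```

For this request the functions return the template name User and the three EKU OIDs annotated in the dump, and Key Usage (2.5.29.15) is the only extension marked critical.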