Microsoft® Certificate Server includes a default extension handler, CertEnc.dll, that provides routines for encoding the most commonly used extensions and data types such as IA5String, PrintableString, etc. These data types aren't among the default data types available from the policy module.
The non-default data types are supported by a number of ICertEncodeXXX interfaces exported by CertEnc.dll. Each interface provides an Encode method that returns an ASN.1-encoded certificate extension to the policy module in binary format. The policy module can then set the extension in a certificate by calling the ICertServerPolicy::SetCertificateExtension method. Here is an example written in Microsoft Visual Basic® that demonstrates how a policy module can encode a string array and use it to set a certificate extension:
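    ' Values as defined in wincrypt.h and certsrv.h
    Private Const CERT_RDN_IA5_STRING As Long = 7
    Private Const PROPTYPE_BINARY As Long = 3
    Private Const EXTENSION_DISABLE_FLAG As Long = 2
    Private Const szOID_TEST1 As String = "0.1.2.3.4.5.6.0"

    ' CertServer is the policy module's ICertServerPolicy object, created elsewhere
    Dim StringArray As CCertEncodeStringArray
    Dim Extension As String
    Set StringArray = New CCertEncodeStringArray
    ' Size the array for three IA5String values, then fill it
    StringArray.Reset 3, CERT_RDN_IA5_STRING
    StringArray.SetValue 0, "VB Test String 1"
    StringArray.SetValue 1, "VB Test String 2"
    StringArray.SetValue 2, "VB Test String 3"
    ' Encode returns the ASN.1-encoded extension as binary data held in a String
    Extension = StringArray.Encode

    ' Store the encoded value under the test OID, flagged as disabled
    CertServer.SetCertificateExtension _
        szOID_TEST1, _
        PROPTYPE_BINARY, _
        EXTENSION_DISABLE_FLAG, _
        Extension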