ICertServerPolicy::GetCertificateProperty

The GetCertificateProperty method returns a named property from a certificate.

[VB] VARIANT GetCertificateProperty(
  BSTR strPropertyName,  
  long PropertyType      
);
 
[JAVA] com.ms.Variant GetCertificateProperty(
  java.lang.String strPropertyName,  
  int PropertyType                   
);
 
[C++] HRESULT GetCertificateProperty(
  BSTR const strPropertyName,  // in
  LONG PropertyType,           // in
  VARIANT *pvarPropertyValue   // out, return value
);

Parameters

[VB][JAVA][C++] strPropertyName

Specifies the named property to retrieve. There are a stock set of certificate properties that are always valid, referred to as the Name Properties. Other properties valid for certificates include the Certifcate Properties listed below.

Name Properties

These properties can refer to the subject name or the issuer name by prepending Subject or Issuer to the property. For example, Subject.OrgUnit would refer to the subject's organizational unit.

Note Only Subject name properties are supported in this release (do not prepend Issuer to a property name.)

Property Name Data Type Description

DistinguishedName String Full X.400 DN Name

RawName Binary ASN.1 Encoded DN

Country String X.500 2-character country code (for example US for United States or CA for Canada)

Organization String Legal name of organization

OrgUnit String Name of sub-organization or department

CommonName String Fully qualified hostname/path used in DNS (Domain Name System) lookups (for example, host.company.com)

StreetAddress String Street address or PO Box

Locality String Name of city

State String Full name of state or province (for example, California)

Title String Title of individual who requested the certificate (optional)

GivenName String First name of individual

Initials String Initials of individual (optional)

Surname String Last name of individual

DomainComponent String Component of a DNS (Domain Name System) name

E-Mail String E-mail address

Property Name	Data Type	Description
DistinguishedName	String	Full X.400 DN Name
RawName	Binary	ASN.1 Encoded DN
Country	String	X.500 2-character country code (for example US for United States or CA for Canada)
Organization	String	Legal name of organization
OrgUnit	String	Name of sub-organization or department
CommonName	String	Fully qualified hostname/path used in DNS (Domain Name System) lookups (for example, host.company.com)
StreetAddress	String	Street address or PO Box
Locality	String	Name of city
State	String	Full name of state or province (for example, California)
Title	String	Title of individual who requested the certificate (optional)
GivenName	String	First name of individual
Initials	String	Initials of individual (optional)
Surname	String	Last name of individual
DomainComponent	String	Component of a DNS (Domain Name System) name
E-Mail	String	E-mail address

All of the above properties except DistinguishedName, RawName, and Country support multi-valued syntax using an ANSI punctuation character as the separator, which by default must be a comma. The separator character is specified by the HKEY_LOCAL_MACHINE\SYSTEM\\CurrentControlSet\Services\CertSVC\Configuration\<CA Name>\SubjectNameSeparator (REG_SZ) entry in the system registry. This entry is set to a single character string containing a comma, by default. The first character of this string must be an ANSI punctation character to enable the multi-valued syntax. If some other character appears first, or if the registry entry is empty or missing, then multi-valued syntax is disabled.

Note The RawName property is only accessible by ICertServerPolicy::GetCertificateProperty if the certificate is requested using a non-KeyGen certificate request. For KeyGen requests, the RawName property does not exist in the certirficate until it is added after the policy module has finished processing the request and the certificate is issued. The RawName property can always be read by ICertServerExit::GetCertificateProperty.

Certificate Properties

The following properties are unique to certificates and can be read by ICertServerPolicy::GetCertificateProperty.

Property Name Data Type Description

RequestID Signed long Internal request ID

NotBefore Date / Time Certificate start validity date

NotAfter Date / Time Certificate expiration date

RawPublicKey Binary Subject key

PublicKeyAlgorithm String Subject key algorithm Object ID (OID)

RawPublicKeyAlgorithmParameters Binary Subject key algorithm parameters

Property Name	Data Type	Description
RequestID	Signed long	Internal request ID
NotBefore	Date / Time	Certificate start validity date
NotAfter	Date / Time	Certificate expiration date
RawPublicKey	Binary	Subject key
PublicKeyAlgorithm	String	Subject key algorithm Object ID (OID)
RawPublicKeyAlgorithmParameters	Binary	Subject key algorithm parameters

Note There are additional certificate properties that cannot be accessed by ICertServerPolicy::GetCertificateProperty. These properties are not set until after the policy module returns VR_INSTANT_OK and the certificate is issued. See ICertServerExit::GetCertificateProperty for a complete list of all the properties in an issued certificate.

[VB][JAVA][C++] PropertyType

Specifies the property type. The type can be one of the following types.

Type Specifier	Data Type
PROPTYPE_LONG	Signed long data
PROPTYPE_DATE	Date / Time
PROPTYPE_BINARY	Binary data
PROPTYPE_STRING	String data

[C++] pvarPropertyValue

Points to the return value. See Return Value.

Return Values

Returns the requested property value.

QuickInfo

  Windows NT: Requires version 5.0 or later (or version 4.0 with the Windows NT 4.0 Option Pack).
  Windows: Unsupported.
  Windows CE: Unsupported.
  Header: Declared in certif.h.
  Import Library: Use certidl.lib.