The GetCertificateProperty method returns a named property from a certificate.
[VB] VARIANT GetCertificateProperty(
BSTR strPropertyName,
long PropertyType
);
[JAVA] com.ms.Variant GetCertificateProperty(
java.lang.String strPropertyName,
int PropertyType
);
[C++] HRESULT GetCertificateProperty(
BSTR const strPropertyName, // in
LONG PropertyType, // in
VARIANT *pvarPropertyValue // out, return value
);
Name Properties
These properties can refer to the subject name or the issuer name by prepending Subject or Issuer to the property. For example, Subject.OrgUnit would refer to the subject's organizational unit.
Note Only Subject name properties are supported in this release (do not prepend Issuer to a property name.)
Property Name | Data Type | Description |
---|---|---|
DistinguishedName | String | Full X.400 DN Name |
RawName | Binary | ASN.1 Encoded DN |
Country | String | X.500 2-character country code (for example US for United States or CA for Canada) |
Organization | String | Legal name of organization |
OrgUnit | String | Name of sub-organization or department |
CommonName | String | Fully qualified hostname/path used in DNS (Domain Name System) lookups (for example, host.company.com) |
StreetAddress | String | Street address or PO Box |
Locality | String | Name of city |
State | String | Full name of state or province (for example, California) |
Title | String | Title of individual who requested the certificate (optional) |
GivenName | String | First name of individual |
Initials | String | Initials of individual (optional) |
Surname | String | Last name of individual |
DomainComponent | String | Component of a DNS (Domain Name System) name |
String | E-mail address |
All of the above properties except DistinguishedName, RawName, and Country support multi-valued syntax using an ANSI punctuation character as the separator, which by default must be a comma. The separator character is specified by the HKEY_LOCAL_MACHINE\SYSTEM\\CurrentControlSet\Services\CertSVC\Configuration\<CA Name>\SubjectNameSeparator (REG_SZ) entry in the system registry. This entry is set to a single character string containing a comma, by default. The first character of this string must be an ANSI punctation character to enable the multi-valued syntax. If some other character appears first, or if the registry entry is empty or missing, then multi-valued syntax is disabled.
Note The RawName property is only accessible by ICertServerPolicy::GetCertificateProperty if the certificate is requested using a non-KeyGen certificate request. For KeyGen requests, the RawName property does not exist in the certirficate until it is added after the policy module has finished processing the request and the certificate is issued. The RawName property can always be read by ICertServerExit::GetCertificateProperty.
Certificate Properties
The following properties are unique to certificates and can be read by ICertServerPolicy::GetCertificateProperty.
Property Name | Data Type | Description |
---|---|---|
RequestID | Signed long | Internal request ID |
NotBefore | Date / Time | Certificate start validity date |
NotAfter | Date / Time | Certificate expiration date |
RawPublicKey | Binary | Subject key |
PublicKeyAlgorithm | String | Subject key algorithm Object ID (OID) |
RawPublicKeyAlgorithmParameters | Binary | Subject key algorithm parameters |
Note There are additional certificate properties that cannot be accessed by ICertServerPolicy::GetCertificateProperty. These properties are not set until after the policy module returns VR_INSTANT_OK and the certificate is issued. See ICertServerExit::GetCertificateProperty for a complete list of all the properties in an issued certificate.
Type Specifier | Data Type |
---|---|
PROPTYPE_LONG | Signed long data |
PROPTYPE_DATE | Date / Time |
PROPTYPE_BINARY | Binary data |
PROPTYPE_STRING | String data |
Returns the requested property value.
Windows NT: Requires version 5.0 or later (or version 4.0 with the Windows NT 4.0 Option Pack).
Windows: Unsupported.
Windows CE: Unsupported.
Header: Declared in certif.h.
Import Library: Use certidl.lib.