ICertServerPolicy::GetCertificateProperty

The GetCertificateProperty method returns a named property from a certificate.

[VB] VARIANT GetCertificateProperty(
  BSTR strPropertyName,  
  long PropertyType      
);
 
[JAVA] com.ms.Variant GetCertificateProperty(
  java.lang.String strPropertyName,  
  int PropertyType                   
);
 
[C++] HRESULT GetCertificateProperty(
  BSTR const strPropertyName,  // in
  LONG PropertyType,           // in
  VARIANT *pvarPropertyValue   // out, return value
);
 

Parameters

[VB][JAVA][C++] strPropertyName
Specifies the named property to retrieve. There are a stock set of certificate properties that are always valid, referred to as the Name Properties. Other properties valid for certificates include the Certifcate Properties listed below.

Name Properties

These properties can refer to the subject name or the issuer name by prepending Subject or Issuer to the property. For example, Subject.OrgUnit would refer to the subject's organizational unit.

Note  Only Subject name properties are supported in this release (do not prepend Issuer to a property name.)
Property Name Data Type Description
DistinguishedName String Full X.400 DN Name
RawName Binary ASN.1 Encoded DN
Country String X.500 2-character country code (for example US for United States or CA for Canada)
Organization String Legal name of organization
OrgUnit String Name of sub-organization or department
CommonName String Fully qualified hostname/path used in DNS (Domain Name System) lookups (for example, host.company.com)
StreetAddress String Street address or PO Box
Locality String Name of city
State String Full name of state or province (for example, California)
Title String Title of individual who requested the certificate (optional)
GivenName String First name of individual
Initials String Initials of individual (optional)
Surname String Last name of individual
DomainComponent String Component of a DNS (Domain Name System) name
E-Mail String E-mail address

All of the above properties except DistinguishedName, RawName, and Country support multi-valued syntax using an ANSI punctuation character as the separator, which by default must be a comma. The separator character is specified by the HKEY_LOCAL_MACHINE\SYSTEM\\CurrentControlSet\Services\CertSVC\Configuration\<CA Name>\SubjectNameSeparator (REG_SZ) entry in the system registry. This entry is set to a single character string containing a comma, by default. The first character of this string must be an ANSI punctation character to enable the multi-valued syntax. If some other character appears first, or if the registry entry is empty or missing, then multi-valued syntax is disabled.

Note  The RawName property is only accessible by ICertServerPolicy::GetCertificateProperty if the certificate is requested using a non-KeyGen certificate request. For KeyGen requests, the RawName property does not exist in the certirficate until it is added after the policy module has finished processing the request and the certificate is issued. The RawName property can always be read by ICertServerExit::GetCertificateProperty.

Certificate Properties

The following properties are unique to certificates and can be read by ICertServerPolicy::GetCertificateProperty.
Property Name Data Type Description
RequestID Signed long Internal request ID
NotBefore Date / Time Certificate start validity date
NotAfter Date / Time Certificate expiration date
RawPublicKey Binary Subject key
PublicKeyAlgorithm String Subject key algorithm Object ID (OID)
RawPublicKeyAlgorithmParameters Binary Subject key algorithm parameters

Note  There are additional certificate properties that cannot be accessed by ICertServerPolicy::GetCertificateProperty. These properties are not set until after the policy module returns VR_INSTANT_OK and the certificate is issued. See ICertServerExit::GetCertificateProperty for a complete list of all the properties in an issued certificate.

[VB][JAVA][C++] PropertyType
Specifies the property type. The type can be one of the following types.
Type Specifier Data Type
PROPTYPE_LONG Signed long data
PROPTYPE_DATE Date / Time
PROPTYPE_BINARY Binary data
PROPTYPE_STRING String data

[C++] pvarPropertyValue
Points to the return value. See Return Value.

Return Values

Returns the requested property value.

QuickInfo

  Windows NT: Requires version 5.0 or later (or version 4.0 with the Windows NT 4.0 Option Pack).
  Windows: Unsupported.
  Windows CE: Unsupported.
  Header: Declared in certif.h.
  Import Library: Use certidl.lib.