[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-cryptoapi
Subject:    Adding extensions to PKCS10 request
From:       Sahib Aulakh <sahib_aulakh () HOTMAIL ! COM>
Date:       2001-07-31 16:26:57
[Download RAW message or body]


I am creating a PKCS10 CSR using the CryptSignAndEncodeCertificate call.
However, the signed certificate I get back from Microsoft Certificate
Services does not seem to have the proper extensions. When I try to import
the received certificate blob by CertAddEncodedCertificateToStore I get --
CRYPT_E_ASN1_EOD. "ASN1 unexpected end of data." error. It seems that the
latter call expects some extensions in the certificate and fails when it
does not find these extensions.

When I create a CSR using the Microsoft XEnroll DLL, I am able to add the
received certificate by invoking CertAddEncodedCertificateToStore. The only
difference I see among the two CSR's is that the latter has the following
extensions inside it:-

         Requested Extensions:
             X509v3 Key Usage: critical
                 Digital Signature, Non Repudiation
             X509v3 Extended Key Usage:
                 Microsoft Individual Code Signing, Code Signing

My questions is: How do I add these extensions to the CSR that I am
generating without making use of XEnroll?

Any information on this will be appreciated.

Sahib Aulakh.

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM

[prev in list] [next in list] [prev in thread] [next in thread]