3.1.1.1.2 Request Table Optional Data Elements
Values for the following elements of the Request table SHOULD be maintained by the CA:
Request_Key_Recovery_Hashes: Column name "Request.KeyRecoveryHashes". Unique identifiers of the key recovery agent (KRA) certificates that are required to retrieve an archived private key.
Request_Raw_Old_Certificate: Column name "Request.RawOldCertificate". In the case of a renewal, the preceding certificate.
Request_Request_Attributes: Column name "Request.RequestAttributes". The certificate request attributes as defined in [MS-WCCE].
Request_Request_Type: Column name "Request.RequestType". The type or format of a certificate request, such as PKCS#10 or the Cryptographic Message Syntax (CMS) standard with Common Messaging Calls (CMC) as specified in [RFC2797].
Request_Request_Flags: Column name "Request.RequestFlags". Additional certificate request information.
The following are examples of request flag values. These flag values can be used in any combination.
| Name | Value | Description |
|---|---|---|
| CR_FLG_FORCETELETEX | 0x00000001 | For encoding of the subject information in the certificate, a T61String type is used for elements that contain a Unicode character in the value. |
| CR_FLG_RENEWAL | 0x00000002 | The certificate request is a renewal request. |
| CR_FLG_FORCEUTF8 | 0x00000004 | For encoding of the subject information in the certificate, a UTF8String type is used for elements that contain a Unicode character in the value. |
| CR_FLG_CAXCHGCERT | 0x00000008 | The certificate is the exchange certificate of the CA. |
| CR_FLG_ENROLLONBEHALFOF | 0x00000010 | The certificate request is an Enroll-on-behalf-of request. |
| CR_FLG_SUBJECTUNMODIFIED | 0x00000020 | The subject information in the certificate is an unmodified binary copy of the subject information from the certificate request. |
| CR_FLG_VALIDENCRYPTEDKEYHASH | 0x00000040 | For a certificate request with key archival, the CMC Full response includes the szOID_ENCRYPTED_KEY_HASH attribute. |
| CR_FLG_CACROSSCERT | 0x00000080 | The certificate is the cross certificate of the CA. |
| CR_FLG_ENFORCEUTF8 | 0x00000100 | For encoding of the subject information in the certificate, a UTF8String type is used for directory string elements. |
| CR_FLG_DEFINEDCACERT | 0x00000200 | The certificate request contains an Authority Key Identifier extension that identifies the desired CA signing key for the certificate. |
| CR_FLG_CHALLENGEPENDING * | 0x00000400 | An attestation challenge ([MS-WCCE] section 3.2.2.6.2.1.2.6) for the corresponding certificate request has been sent to the client, and the server is waiting for a response. |
| CR_FLG_CHALLENGESATISFIED * | 0x00000800 | The client responded correctly to the attestation challenge for the corresponding certificate request ([MS-WCCE] section 3.2.2.6.2.1.2.7). |
| CR_FLG_TRUSTONUSE * | 0x00001000 | Verification of the requester's credentials for key attestation has succeeded ([MS-WCCE] section 3.2.2.6.2.1.2.5). |
| CR_FLG_TRUSTEKCERT * | 0x00002000 | Verification of the client's TPM hardware certificate for key attestation has succeeded ([MS-WCCE] section 3.2.2.6.2.1.2.5). |
| CR_FLG_TRUSTEKKEY * | 0x00004000 | Verification of the public key of the client's TPM's hardware key pair for key attestation has succeeded ([MS-WCCE] section 3.2.2.6.2.1.2.5). |
| CR_FLG_PUBLISHERROR | 0x80000000 | The CA had difficulty publishing the certificate to the directory that is specified in the userCertificate attribute of the entity. |
* Support for these flags is specified in the following product behavior note.<6>
Request_Status_Code: Column name "Request.StatusCode". Indicates whether the request was successful.
The value is 0 if the request processed successfully. Otherwise, this field contains an error code that results from request processing. Error codes are as specified in section 2.2.5 of this document and in [MS-ERREF].
Request_Disposition_Message: Column name "Request.DispositionMessage". The text description of Request_Disposition. Request_Disposition_Message is for presentation to a user and can contain any text string, including NULL, that the implementer considers informative.
Request_Submitted_When: Column name "Request.SubmittedWhen". The CERTTIME that a request was received by the CA.
Request_Resolved_When: Column name "Request.ResolvedWhen". The CERTTIME that the CA completed request processing (whether successfully or unsuccessfully).
Request_Revoked_When: Column name "Request.RevokedWhen". The CERTTIME that the CA processed a call to the ICertAdminD::RevokeCertificate function. This field is initialized as NULL and updated by the ICertAdminD::RevokeCertificate function.
Request_Requester_Name: Column name "Request.RequesterName". The RequesterName that is included in the certificate request.
Request_Caller_Name: Column name "Request.CallerName". The user or machine context that submitted the certificate request to the CA.
Request_Signer_Policies: Column name "Request.SignerPolicies". The list of valid certificate policy OIDs (1) for each signer certificate from the certificate request.
Request_Signer_Application_Policies: Column name "Request.SignerApplicationPolicies". The list of valid Extended Key Usage OIDs (1) for each signer certificate from the certificate request.
Request_Officer: Column name "Request.Officer". Indicates whether the caller is the certificate manager of the entity that corresponds to the Request_Requester_Name.
Request_Distinguished_Name: Column name "Request.DistinguishedName". The distinguished name (DN) from the Subject attribute of the certificate request (string representation).
Request_Raw_Name: Column name "Request.RawName". Subject information from the certificate request (ASN.1 DER encoded).
Request_Country: Column name "Request.Country". The country attribute of the DN from the Subject of the certificate request.
Request_Organization: Column name "Request.Organization". The organization attribute of the DN from the Subject of the certificate request.
Request_Org_Unit: Column name "Request.OrgUnit". The organizational-unit attribute of the DN from the Subject of the certificate request.
Request_Common_Name: Column name "Request.CommonName". The common name attribute of the DN from the Subject of the certificate request.
Request_Locality: Column name "Request.Locality". The locality attribute of the DN from the Subject of the certificate request.
Request_State: Column name "Request.State". The state or province name attribute of the DN from the Subject of the certificate request.
Request_Title: Column name "Request.Title". The title attribute of the DN from the Subject of the certificate request.
Request_Given_Name: Column name "Request.GivenName". The given name (also called first name) attribute of the DN from the Subject of the certificate request.
Request_Initials: Column name "Request.Initials". The initials attribute of the DN from the Subject of the certificate request.
Request_SurName: Column name "Request.SurName". The surname attribute of the DN from the Subject of the certificate request.
Request_Domain_Component: Column name "Request.DomainComponent". The domainComponent attribute of the DN from the Subject of the certificate request.
Request_Email: Column name "Request.EMail". The EmailAddress attribute of the DN from the Subject of the certificate request.
Request_Street_Address: Column name "Request.StreetAddress". The street address attribute of the DN from the Subject of the certificate request.
Request_Unstructured_Name: Column name "Request.UnstructuredName". The unstructured name attribute of the DN from the Subject of the certificate request.
Request_Unstructured_Address: Column name "Request.UnstructuredAddress". The unstructured address attribute of the DN from the Subject of the certificate request.
Request_Device_Serial_Number: Column name "Request.DeviceSerialNumber". The device serial number attribute of the DN from the Subject of the certificate request.
Request_RequesterName_From_Old_Certificate: Column name "Request.RequesterNameFromOldCertificate". For a renewal request that is signed by the previously issued certificate, the subject name of the old certificate.<7>
Request_Attestation_Challenge: Column name "Request.AttestationChallenge". The secret passed to the client in the attestation challenge message, encrypted with the CA exchange certificate.
Request_Endorsement_Key_Hash: Column name "Request.EndorsementKeyHash". The SHA-2 hash of the hardware key that was used to TPM-attest the request.
Request_Endorsement_Certificate_Hash: Column name "Request.EndorsementCertificateHash". The SHA-2 hash of the hardware certificate used to TPM-attest the request.
Request_ID: Column name "RequestID". The RequestID that corresponds to an issued certificate.
Certificate_Hash: Column name "CertificateHash". The SHA-1 hash over the value of the Raw_Certificate column.
Certificate_Template: Column name "CertificateTemplate". The extnValue of the extension with OID (1) 1.3.6.1.4.1.311.20.2 in the issued certificate.
Enrollment_Flags: Column name "EnrollmentFlags". The values that are defined in "EnrollmentFlags" from [MS-CRTD].
General_Flags: Column name "GeneralFlags". The values that are defined in "GeneralFlags" from [MS-CRTD].
Issuer_Name_Id: Column name "IssuerNameId". A sequential number that indicates which CA key signed the issued certificate.
Not_Before: Column name "NotBefore". The CERTTIME that provides the value for the Validity->notBefore field ([RFC3280] section 4.1.2.5) of the issued certificate.
Not_After: Column name "NotAfter". The CERTTIME that provides the value for the Validity->notAfter field ([RFC3280] section 4.1.2.5) of the issued certificate.
Subject_Key_Identifier: Column name "SubjectKeyIdentifier". The SubjectKeyIdentifier extension ([RFC3280] section 4.2.1.2) of the issued certificate.
Raw_Public_Key: Column name "RawPublicKey". The SubjectPublicKeyInfo->subjectPublicKey field [RFC3280] of the issued certificate.
Public_Key_Length: Column name "PublicKeyLength". The length of the SubjectPublicKeyInfo->subjectPublicKey field of the issued certificate.
Public_Key_Algorithm: Column name "PublicKeyAlgorithm". The SubjectPublicKeyInfo->algorithm->algorithm field of the issued certificate.
Raw_Public_Key_Algorithm_Parameters: Column name "RawPublicKeyAlgorithmParameters". The SubjectPublicKeyInfo->algorithm->parameters field of the issued certificate.
UPN: Column name "UPN". The UPN alternate name entry from the SubjectAltName extension in the certificate.
Distinguished_Name: Column name "DistinguishedName". The Subject field ([RFC3280] section 4.1.2.6) of the issued certificate (string representation).
Raw_Name: Column name "RawName". The Subject information of the issued certificate (ASN.1 DER encoded).
Country: Column name "Country". The country attribute of the certificate Subject.
Organization: Column name "Organization". The organization attribute of the certificate Subject.
Org_Unit: Column name "OrgUnit". The organizational-unit attribute of the certificate Subject.
Common_Name: Column name "CommonName". The common name attribute of the certificate Subject.
Locality: Column name "Locality". The locality attribute of the certificate Subject.
State: Column name "State". The state or province name attribute of the certificate Subject.
Title: Column name "Title". The title attribute of the certificate Subject.
Given_Name: Column name "GivenName". The given name attribute of the certificate Subject.
Initials: Column name "Initials". The initials attribute of the certificate Subject.
SurName: Column name "SurName". The surname attribute of the certificate Subject.
Domain_Component: Column name "DomainComponent". The domainComponent attribute of the certificate Subject.
Email: Column name "EMail". The [RFC822] Name attribute from the Subject Alternative Name of the issued certificate.
Street_Address: Column name "StreetAddress". The street address attribute of the certificate Subject.
Unstructured_Name: Column name "UnstructuredName". The unstructured name attribute of the certificate Subject.
Unstructured_Address: Column name "UnstructuredAddress". The unstructured address attribute of the certificate Subject.
Device_Serial_Number: Column name "DeviceSerialNumber". The serial number attribute of the certificate Subject.
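As an added example (not part of the specification text), the Python below decodes a "Request.RequestFlags" value using the names and values from the request flag table above, normalizes values exported as signed 32-bit integers, and reports bits outside that table. The review notes and the sample rows are constructed for illustration and are not defined by the specification.

```python
# Added example: decode Request.RequestFlags using the flag table on this page.
# Flag names and values come from the page; review notes and rows are constructed.
REQUEST_FLAGS = {
    0x00000001: "CR_FLG_FORCETELETEX", 0x00000002: "CR_FLG_RENEWAL",
    0x00000004: "CR_FLG_FORCEUTF8", 0x00000008: "CR_FLG_CAXCHGCERT",
    0x00000010: "CR_FLG_ENROLLONBEHALFOF", 0x00000020: "CR_FLG_SUBJECTUNMODIFIED",
    0x00000040: "CR_FLG_VALIDENCRYPTEDKEYHASH", 0x00000080: "CR_FLG_CACROSSCERT",
    0x00000100: "CR_FLG_ENFORCEUTF8", 0x00000200: "CR_FLG_DEFINEDCACERT",
    0x00000400: "CR_FLG_CHALLENGEPENDING", 0x00000800: "CR_FLG_CHALLENGESATISFIED",
    0x00001000: "CR_FLG_TRUSTONUSE", 0x00002000: "CR_FLG_TRUSTEKCERT",
    0x00004000: "CR_FLG_TRUSTEKKEY", 0x80000000: "CR_FLG_PUBLISHERROR",
}
ATTESTATION_TRUST = {"CR_FLG_TRUSTONUSE", "CR_FLG_TRUSTEKCERT", "CR_FLG_TRUSTEKKEY"}

def decode_request_flags(value):
    """Return (flag names, bits not in the table) for one RequestFlags value."""
    raw = int(value, 0) if isinstance(value, str) else int(value)
    raw &= 0xFFFFFFFF  # a signed 32-bit export shows 0x80000000 as a negative number
    names = [name for bit, name in REQUEST_FLAGS.items() if raw & bit]
    unknown = raw & ~sum(REQUEST_FLAGS) & 0xFFFFFFFF  # keys are distinct bits
    return names, unknown

def review_notes(value):
    """Notes an auditor might attach to a request row (hypothetical policy)."""
    names, unknown = decode_request_flags(value)
    notes = []
    if "CR_FLG_ENROLLONBEHALFOF" in names:
        notes.append("enroll-on-behalf-of: compare CallerName with RequesterName")
    if "CR_FLG_CHALLENGEPENDING" in names and "CR_FLG_CHALLENGESATISFIED" not in names:
        notes.append("attestation challenge sent, no correct response recorded")
    trust = sorted(ATTESTATION_TRUST.intersection(names))
    if trust:
        notes.append("key attestation verified via " + ", ".join(trust))
    if "CR_FLG_PUBLISHERROR" in names:
        notes.append("CA reported difficulty publishing to the directory")
    if unknown:
        notes.append("bits not in this page's table: 0x%08X" % unknown)
    return notes

# Constructed sample rows: (RequestID, RequestFlags as exported)
SAMPLE_ROWS = [(101, "0x00000012"), (102, 0x2C00), (103, -2147483644), (104, 0x00010004)]

if __name__ == "__main__":
    for request_id, flags in SAMPLE_ROWS:
        print(request_id, decode_request_flags(flags)[0], review_notes(flags))
```

Because the page describes the table as examples of flag values, bits outside it are reported rather than treated as errors.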