3.2.1.4.2.1.4.4 Storing Request Parameters in the Request Table
The CA MUST create a new row in the Request table and set the following values:
Request_Request_ID: Assign a unique value in this column.
Request_Disposition: Assign the value "request pending".
Request_Raw_Request: Assign the value of the pb field of the CERTTRANSBLOB structure contained in the pctbRequest parameter.
In addition, the CA MAY store request parameters in the Request table. If the CA decides to store the additional parameters, it MUST follow the processing rules specified in the following table. If the CA fails to store the request parameters in the Request table, the CA MUST return a nonzero error to the client. <77>
|
Column name |
Processing rules |
|---|---|
|
Request_Raw_Old_Certificate |
If the request is a renewal request, the CA MUST store the X.509 certificate passed in the Certificates field of the CMS request as specified in [RFC3852] section 5.1. |
|
Request_Request_Attributes |
The CA MUST store all the request attributes as specified in 2.2.2.7. |
|
Request_Request_Type |
The CA MUST store the type of the request as passed in the dwFlags parameter. See section 3.2.1.4.3.1.1 |
|
Request_Request_Flags |
The CA MUST store additional information on the request process in this column. Specified values are documented in [MS-CSRA] section 3.1.1.1.2. |
|
Request_Status_Code |
The CA MUST store the returned value from the call to ICertRequestD::Request or ICertRequestD2::Request2 methods. |
|
Request_Submitted_When |
The CA MUST store the time the request was received by the CA. |
|
Request_Resolved_When |
The CA MUST store the time the CA completed the request processing. |
|
Request_Requester_Name |
The CA MUST store the value of the requestername attribute that is passed in the request. |
|
Request_Caller_Name |
The value of the Per_Request.Caller_Account_Name ADM element. |
|
Request_Signer_Policies |
The CA MUST store the value of all the OIDs stored in the Policy extension of the certificate stored in the Certificate field in the CMS request as specified in [RFC3852] section 5.1. |
|
Request_Signer_Application_Policies |
The CA MUST store the value of all the OIDs stored in the EKU extension of the certificate stored in the Certificate field in the CMS request as specified in [RFC3852] section 5.1. |
|
Request_Officer |
The CA MUST store True if the caller name stored in the Request_Requester_Name column is an Officer_Rights as specified in [MS-CSRA]. |
|
Request_Distinguished_Name |
The CA MUST store the distinguished name (DN) from the Subject field of the certificate request as specified in [RFC3280] section 4.1.2.4. |
|
Request_Raw_Name |
The CA MUST store the Subject field of the certificate request as specified in [RFC3280] section 4.1.2.4. |
|
Request_Country |
The CA MUST store the Country attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4. |
|
Request_Organization |
The CA MUST store the Organization attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4. |
|
Request_Org_Unit |
The CA MUST store the Organizational-Unit attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4. |
|
Request_Common_Name |
The CA MUST store the common name (CN) attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4. |
|
Request_Locality |
The CA MUST store the Locality attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4. |
|
Request_State |
The CA MUST store the Province name attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4. |
|
Request_Title |
The CA MUST store the Title attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4. |
|
Request_Given_Name |
The CA MUST store the Given Name attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4. |
|
Request_Initials |
The CA MUST store the Initials attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4. |
|
Request_SurName |
The CA MUST store the Surname attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4. |
|
Request_Domain_Component |
The CA MUST store the Domain Component attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4. |
|
Request_Email |
The CA MUST store the Email Address attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4. |
|
Request_Street_Address |
The CA MUST store the Street Address attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4. |
|
Request_Unstructured_Name |
The CA MUST store the Unstructured Name attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4. |
|
Request_Unstructured_Address |
The CA MUST store the Unstructured Address attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4. |
|
Request_Device_Serial_Number |
The CA MUST store the Device Serial Number attribute from the DN from the Subject of the certificate request as specified in [RFC3280] section 4.1.2.4. |
|
Request_Attestation_Challenge |
The CA MUST store the AttestationChallenge attribute from the certificate request. |
|
Request_Endorsement_Key_Hash |
The CA MUST store the SHA2 hash of the trust module key from the certificate request as a hexadecimal string with no spaces. |
|
Request_Endorsement_Certificate_Hash |
The CA MUST store the SHA2 hash of the trust module certificate used for attestation from the certificate request as a hexadecimal string with no spaces. |
|
Issuer_Name_Id
|
The CA MUST store the version information (section 3.2.1.4.3.2.39) of the current CA signing certificate as stored in the Signing_Cert_Certificate datum. |