IX509ExtensionAlternativeNames interface (certenroll.h)
The IX509ExtensionAlternativeNames interface enables you to specify one or more alternative name forms for the subject of a certificate. A certification authority processes the extension by binding the names to the certified public key. The following syntax shows the Abstract Syntax Notation One (ASN.1) structure of the extension. The extension value is encoded by using Distinguished Encoding Rules (DER) and included in the certificate request.
----------------------------------------------------------------------
-- AlternativeNames
-- XCN_OID_SUBJECT_ALT_NAME2 (2.5.29.17)
----------------------------------------------------------------------
AltNames ::= SEQUENCE --#public-- OF GeneralName
GeneralNames ::= AltNames
GeneralName ::= CHOICE
{
otherName [0] IMPLICIT OtherName,
rfc822Name [1] IMPLICIT IA5STRING,
dNSName [2] IMPLICIT IA5STRING,
x400Address [3] IMPLICIT SeqOfAny, -- Not supported
directoryName [4] EXPLICIT ANY,
ediPartyName [5] IMPLICIT SeqOfAny,
uniformResourceLocator [6] IMPLICIT IA5STRING,
iPAddress [7] IMPLICIT OCTETSTRING,
registeredID [8] IMPLICIT EncodedObjectID -- Not supported
}
OtherName ::= SEQUENCE
{
type EncodedObjectID,
value [0] EXPLICIT NOCOPYANY
}
If you initialize this extension by using an IAlternativeNames collection, the following name types are supported.
| Value | Description |
|---|---|
| XCN_CERT_ALT_NAME_OTHER_NAME | The name consists of an object identifier and a byte array that contains the name. |
| XCN_CERT_ALT_NAME_RFC822_NAME | The name is an email address. |
| XCN_CERT_ALT_NAME_DNS_NAME | The name is a Domain Name System name. |
| XCN_CERT_ALT_NAME_DIRECTORY_NAME | The name is an X.500 directory name. |
| XCN_CERT_ALT_NAME_URL | The name is a URL. |
| XCN_CERT_ALT_NAME_IP_ADDRESS | The name is an Internet Protocol (IP) address. |
| XCN_CERT_ALT_NAME_REGISTERED_ID | The name is a registered object identifier (OID). |
| XCN_CERT_ALT_NAME_GUID | The name is a GUID. This is a form of otherName. |
| XCN_CERT_ALT_NAME_USER_PRINCIPLE_NAME | The name is a user principal name (UPN). The UPN format is based on RFC 822. |
To add this extension object to a PKCS #10 request or a CMC request, you must first add it to an IX509Extensions collection and use the collection to initialize an IX509AttributeExtensions object. For more information, see the PKCS #10 Extensions and the CMC Extensions topics.
Inheritance
The IX509ExtensionAlternativeNames interface inherits from IX509Extension. IX509ExtensionAlternativeNames also has these types of members:
Methods
The IX509ExtensionAlternativeNames interface has these methods.
| IX509ExtensionAlternativeNames::get_AlternativeNames Retrieves a collection of subject alternative names. |
| IX509ExtensionAlternativeNames::InitializeDecode Initializes the extension from a Distinguished Encoding Rules (DER) encoded byte array that contains the extension value. (IX509ExtensionAlternativeNames.InitializeDecode) |
| IX509ExtensionAlternativeNames::InitializeEncode Initializes the extension from an IAlternativeNames collection. |
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Target Platform | Windows |
| Header | certenroll.h |