Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Certificate requests MAY use the Netscape request format, which MUST be the same format that a Netscape 3.x or Network 4.x browser would send to a web server in response to an HTML <KEYGEN> tag (section 1.3.2.4) after a user fills in the information into the request form that it instantiates.
The data sent in the request string is called a Signed Public Key and Challenge (SPKAC) and MUST be encoded as specified in the following ASN.1 structure example.
-
PublicKeyAndChallenge ::= SEQUENCE { spki SubjectPublicKeyInfo, challenge IA5STRING } SignedPublicKeyAndChallenge ::= SEQUENCE { publicKeyAndChallenge PublicKeyAndChallenge, signatureAlgorithm AlgorithmIdentifier, signature BIT STRING }
Two attributes are associated with a request from a Netscape browser: CertType and rdn. These attributes MUST be passed along with the Netscape certificate request in the pwszAttributes to ICertRequestD::Request or ICertRequestD2::Request2 methods. Method specifications are in sections 3.2.1.4.2.1 and 3.2.1.4.3.1.