Hi all,

 

We've already seen How to add Subject Alternative Name to your certificate requests (C#). What if we want to set Alternative Directory Name (XCN_CERT_ALT_NAME_DIRECTORY_NAME) in addition to Subject Alternative Name (XCN_CERT_ALT_NAME_RFC822_NAME)?

 

The interface we use for the alternative names has different methods that we can use depending on the value we want to set:

IAlternativeName interface
"
You can initialize an IAlternativeName object from an AlternativeNameType enumeration. The following types are available, but they are supported by different initialization methods as indicated.

Value: XCN_CERT_ALT_NAME_RFC822_NAME
Description: The name is an email address.
Initialization method:  InitializeFromString

Value: XCN_CERT_ALT_NAME_DIRECTORY_NAME
Description: The name is an X.500 directory name.
Initialization method:  InitializeFromRawData
"

 

The C# code to set both Subject Alternative Name and Alternative Directory Name should look like this then:

 string strRfc822Name = "myuser@mydomain.com"; 
string strDirectoryName = "CN=myuser";
...
CAlternativeName objRfc822Name = new CAlternativeName();
CX500DistinguishedName objX500 = new CX500DistinguishedName();
string strDirectory = null;
CAlternativeName objDirectoryName = new CAlternativeName();
CAlternativeNames objAlternativeNames = new CAlternativeNames();
CX509ExtensionAlternativeNames objExtensionAlternativeNames = new CX509ExtensionAlternativeNames();
...

// Set Alternative RFC822 Name
objRfc822Name.InitializeFromString(AlternativeNameType.XCN_CERT_ALT_NAME_RFC822_NAME, strRfc822Name);

// Set Alternative Directory Name
objX500.Encode(strDirectoryName, X500NameFlags.XCN_CERT_NAME_STR_FORCE_UTF8_DIR_STR_FLAG);
strDirectory = objX500.get_EncodedName(EncodingType.XCN_CRYPT_STRING_BINARY);
objDirectoryName.InitializeFromRawData(AlternativeNameType.XCN_CERT_ALT_NAME_DIRECTORY_NAME, EncodingType.XCN_CRYPT_STRING_BINARY, strDirectory);

// Set Alternative Names
objAlternativeNames.Add(objRfc822Name);
objAlternativeNames.Add(objDirectoryName);
objExtensionAlternativeNames.InitializeEncode(objAlternativeNames);
objPkcs10.X509Extensions.Add((CX509Extension)objExtensionAlternativeNames);

 

I hope this helps.

Regards,

 

Alex (Alejandro Campos Magencio)