Setting Certificate Extensions

Extensions that have the default data types DATE, long, and BSTR can be set by the policy module without having to call the default extension handler or a custom handler. The policy module simply calls ICertServerPolicy::SetCertificateExtension with the Type parameter set to the corresponding property type of PROPTYPE_DATE, PROPTYPE_LONG, or PROPTYPE_STRING, and passes the extension to the Server Engine. The Server Engine then performs the ASN encoding before storing the extension in the certificate.

Extensions that have data types other than the default types must be ASN encoded by an extension handler before being passed by the policy module to the Server Engine. When the policy module calls ICertServerPolicy::SetCertificateExtension to pass an ASN encoded extension to the Server Engine, the Type parameter must be set to PROPTYPE_BINARY. The Server Engine then stores the pre-encoded extension in the certificate.