I'm currently using CertGetNameString
to extract the values for each subject attribute like so:
CertGetNameString(pCertificate,
CERT_NAME_ATTR_TYPE,
0,
szOID_ORGANIZATIONAL_UNIT_NAME,
buf,
_countof(buf));
However some certificates I've found have multiple values for the organizational unit name (OU) and CertGetNameString
can only read the first. For instance this is the subject of an Adobe certificate:
CN = Adobe Systems, Incorporated
OU = Acrobat Engineering
OU = Digital ID Class 3 - Microsoft Software Validation v2
O = Adobe Systems, Incorporated
L = San Jose
S = California
C = US
How can I read all values for the OU (and other) attribute(s) using CryptoAPI?
Ok, found the solution. The correct API to use is CertNameToStr
, like so:
CertNameToStr(X509_ASN_ENCODING,
&pCertificate->pCertInfo->Subject,
CERT_X500_NAME_STR,
buf,
_countof(buf));
It will return a string such as:
C=US, S=California, L=San Jose, O="Adobe Systems, Incorporated", OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Acrobat Engineering, CN="Adobe Systems, Incorporated"
Which can then be parsed if individual attribute values are required.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With