6

I'm currently using CertGetNameString to extract the values for each subject attribute like so:

CertGetNameString(pCertificate, CERT_NAME_ATTR_TYPE, 0, szOID_ORGANIZATIONAL_UNIT_NAME, buf, _countof(buf));

However some certificates I've found have multiple values for the organizational unit name (OU) and CertGetNameString can only read the first. For instance this is the subject of an Adobe certificate:

CN = Adobe Systems, Incorporated OU = Acrobat Engineering OU = Digital ID Class 3 - Microsoft Software Validation v2 O = Adobe Systems, Incorporated L = San Jose S = California C = US

How can I read all values for the OU (and other) attribute(s) using CryptoAPI?

Improve this question

1 Answer 1

Reset to default
18

Ok, found the solution. The correct API to use is CertNameToStr, like so:

 CertNameToStr(X509_ASN_ENCODING, &pCertificate->pCertInfo->Subject, CERT_X500_NAME_STR, buf, _countof(buf));

It will return a string such as:

C=US, S=California, L=San Jose, O="Adobe Systems, Incorporated", OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Acrobat Engineering, CN="Adobe Systems, Incorporated"

Which can then be parsed if individual attribute values are required.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.