Discuss this help topic in SecureBlackbox Forum
Set request extensions
To manage certificate request extensions, you need to use Extensions property of TElCertificateRequest class. This property is a reference to the instance of TElCertificateExtensions class, which represents X.509 certificate extensions and certificate request extensions.
If you need to set one of predefined extensions, you need to use one of the numerous properties of TElCertificateExtensions class. Also, you must include the corresponding flag in Included property of TElCertificateExtensions class, to signal that the extension is set and must be included into the certificate or certificate request.
Note that key usage of the certificate is usually determined by certificate issuer, and setting it in a certificate request makes little sense.
If you need to add some custom extension, for which there's no predefined extension class available in SecureBlackbox, you can use OtherExtensions[] and OtherCount properties of TElCertificateExtensions class. To add the custom extension, increase the value of OtherCount property, then access the object (an instance of TElCustomExtension class), which represents the extension, by reading OtherExtensions[] element with "OtherCount - 1" index. To remove custom extension use RemoveOther() method of TElCertificateExtensions class.
For more information about certificate requests see PKCS #10 on http://www.rsa.com.
For more information about certificate extensions see RFC 3280.
