Lightweight Directory Access Protocol (LDAP) limits subelements to a maximum of 64 [UNICODE] characters. Because the Windows Client Certificate Enrollment Protocol uses Active Directory [MS-ADTS] to communicate with the directory for retrieval and storage of certificates and certificate templates, objects with longer names (in excess of 64 [UNICODE] characters) require sanitization.
The algorithm for creating a sanitized name is specified in section 3.1.1.4.1.1.
In the following example, the left parenthesis (() is replaced by !0028, the number sign (#) is replaced by !0023, the percent sign (%) is replaced by !0025, and the caret symbol (^) is replaced by !005e.
- Original Name: 'LongCAName(WithSpeci@#$%^Characters'
- Sanitized Name: 'LongCAName!0028WithSpeci@!0023$!0025!005eCharacters'
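The substitution shown in the example above can be reproduced and reversed with the following added sketch, which is not part of the protocol specification. The function names and `PAGE_EXAMPLE_ESCAPES` are hypothetical, and the escape set holds only the four characters this example shows being replaced; the complete character set and any length handling are defined in section 3.1.1.4.1.1.

```python
import re

# Assumption: only the characters this page's example shows being replaced.
# The complete set is defined in section 3.1.1.4.1.1, not reproduced here.
PAGE_EXAMPLE_ESCAPES = frozenset("(#%^")

# An escape is "!" followed by exactly four hexadecimal digits.
_ESCAPE = re.compile(r"!([0-9a-fA-F]{4})")


def sanitize(name, escapes=PAGE_EXAMPLE_ESCAPES):
    """Replace each character in `escapes` with "!" plus its code point
    written as four lowercase hex digits, as in the page's example."""
    out = []
    for ch in name:
        if ch not in escapes:
            out.append(ch)
        elif ord(ch) > 0xFFFF:
            # Four hex digits cannot hold a code point above U+FFFF.
            raise ValueError(f"cannot escape U+{ord(ch):X} in four hex digits")
        else:
            out.append(f"!{ord(ch):04x}")
    return "".join(out)


def desanitize(sanitized):
    """Turn every "!xxxx" escape back into the character it encodes.
    Assumes any "!" followed by four hex digits is an escape."""
    return _ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), sanitized)


def escaped_characters(sanitized):
    """Return (offset, character) for each escape, e.g. when comparing a
    directory object name against the CA name it was derived from."""
    return [(m.start(), chr(int(m.group(1), 16)))
            for m in _ESCAPE.finditer(sanitized)]


if __name__ == "__main__":
    original = "LongCAName(WithSpeci@#$%^Characters"  # name from this page
    encoded = sanitize(original)
    print(encoded)
    print(desanitize(encoded))
    print(escaped_characters(encoded))
```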