7

I'm trying to create a request with IP address SAN. This is the function that is responsible for creating the CAlternativeName:

public static CAlternativeNameClass GetCurrentIpName() {
    //get current machine IP address
    IPAddress ip = GetCurrentIp();

    if (ip == null) {
        return null;
    }

    try {
        CAlternativeNameClass nameClass = new CAlternativeNameClass();
        nameClass.InitializeFromString(AlternativeNameType.XCN_CERT_ALT_NAME_IP_ADDRESS, ip.ToString());
        return nameClass;
    } catch (Exception e) {
        Console.WriteLine(e);
        return null;
    }
}

The problem is that I'm getting the following error:

System.ArgumentException: Value does not fall within the expected range.
              at CERTENROLLLib.CAlternativeNameClass.InitializeFromString(AlternativeNameType Type, String strValue)

What am I doing wrong?

Rushyo
shachar
1 Answer

6

InitializeFromString does not accept an AlternativeNameType of XCN_CERT_ALT_NAME_IP_ADDRESS**. You have to use InitializeFromRawData instead. The error is something of a misnomer because it's not actually the value parameter that's the issue, it's the type, but hey.

InitializeFromRawData takes a string as input (because this is Microsoft, not Ronseal), so you need to encode your raw data as a string so it can turn it into raw data again:

String ipBase64 = Convert.ToBase64String(ip.GetAddressBytes());
nameClass.InitializeFromRawData(AlternativeNameType.XCN_CERT_ALT_NAME_IP_ADDRESS, EncodingType.XCN_CRYPT_STRING_BASE64, ipBase64);

About as intuitive as an Escher art piece.

** Source: http://msdn.microsoft.com/en-us/library/windows/desktop/aa375024%28v=vs.85%29.aspx

Rushyo
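The fix from the answer, worked into a complete helper that covers both IPv4 and IPv6 and wraps the result in a SAN extension. This is an added example, not code from the question or the answer; the class and method names are hypothetical, and it assumes a project reference to the CERTENROLLLib COM interop assembly with interop types not embedded (so the `...Class` coclasses used in the question are available).

```csharp
using System;
using System.Net;
using System.Net.Sockets;
using CERTENROLLLib; // CertEnroll COM interop, same namespace as in the question's stack trace

public static class IpSanExample // hypothetical helper, not part of CertEnroll
{
    // Builds one IP-address alternative name from the raw address bytes.
    public static CAlternativeNameClass CreateIpAlternativeName(IPAddress ip)
    {
        if (ip == null) throw new ArgumentNullException(nameof(ip));

        // An iPAddress SAN holds the address octets in network byte order:
        // 4 for IPv4, 16 for IPv6 (RFC 5280, section 4.2.1.6).
        if (ip.AddressFamily != AddressFamily.InterNetwork &&
            ip.AddressFamily != AddressFamily.InterNetworkV6)
        {
            throw new ArgumentException("Only IPv4 and IPv6 addresses can be encoded.", nameof(ip));
        }

        // GetAddressBytes() returns exactly those octets. Unlike ToString(), it
        // carries no textual form and no IPv6 scope id ("%12"), so nothing
        // has to be parsed on the other side.
        string ipBase64 = Convert.ToBase64String(ip.GetAddressBytes());

        var name = new CAlternativeNameClass();
        name.InitializeFromRawData(
            AlternativeNameType.XCN_CERT_ALT_NAME_IP_ADDRESS,
            EncodingType.XCN_CRYPT_STRING_BASE64,
            ipBase64);
        return name;
    }

    // Collects the addresses into a Subject Alternative Name extension
    // that can be added to a certificate request's extension collection.
    public static CX509ExtensionAlternativeNamesClass CreateSanExtension(params IPAddress[] addresses)
    {
        var names = new CAlternativeNamesClass();
        foreach (IPAddress ip in addresses)
        {
            names.Add(CreateIpAlternativeName(ip));
        }

        var extension = new CX509ExtensionAlternativeNamesClass();
        extension.InitializeEncode(names);
        return extension;
    }
}
```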