Country/State Code Validity Not Checked Via Certificate Request (180342)



The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional

This article was previously published under Q180342

SUMMARY

When you fill out a certificate request through the Identifying Information window, valid entries must be entered for the Distinguished Name (DN) fields such as for Common Name (CN), State, Country, and so on. However, the certificate processing code does not check for a valid State or Country entry as it does for the remaining entries.

MORE INFORMATION

Currently, country codes follow the ISO 3166 abbreviations but Certificate Server does not enforce these to be entered correctly; the same applies for state. The reason for this is because forcing a valid entry for the various states and provinces of every country in the world would require a tremendous amount of checking and any declared standard is likely to become obsolete soon after implementation.

An up-to-date table of ISO 3166 codes built into Certificate Server or available as a system-wide service would be required to make this practical. However, in the long run, this would not be a practical solution from a user's standpoint because, if the country codes change, users would be required to obtain a new release or update of the valid Country and State/Province codes.

Modification Type:MajorLast Reviewed:2/24/2004
Keywords:kbinfo KB180342