Starting with PSPKI v3.0, this process become much easier:
And to view SAN extension values, the following technique could be used:
We access Extension table and select extension raw value (which is base64-encoded), convert to a byte array and instantiate AsnEncodedData and then construct SAN extension object. There is AlternativeNames property which contains all SAN with their types, values and raw values. More details here: X509SubjectAlternativeNamesExtension Class
$extension= get-ca $ca | Get-DatabaseRow -RowID $RequestID-Table Extension | ?{$_.ExtensionName -eq"2.5.29.17"} if ($extension) { Write-Host Request with Id=$RequestID is configured for SAN } esle { Write-Host Request with Id=$RequestID is NOT configured for SAN }
$base64= (get-ca $ca | Get-DatabaseRow -RowID $RequestID-Table Extension | ?{$_.ExtensionName -eq"2.5.29.17"}).ExtensionRawValue $asn= New-Object Security.Cryptography.AsnEncodedData (,[Convert]::FromBase64String($base64)) $san= New-Object Security.Cryptography.X509Certificates.X509SubjectAlternativeNamesExtension $asn, $false$san.AlternativeNames