For szOID_NETSCAPE_CERT_RENEWAL_URL extension, CryptEncodeObject, CryptEncodeObjectEx, CryptDecodeObject, or CryptDecodeObjectEx can be called with lpszStructType set to X509_ANY_STRING or X509_UNICODE_ANY_STRING.
A relative or absolute URL points to a certificate renewal form. The renewal form will be accessed with an HTTP GET method using a url that is the concatenation of renewal-url and certificate-serial-number. The certificate-serial-number is encoded as a string of ascii hexadecimal digits. For example, if the netscape-base-url is https://www.certs-r-us.com/, the netscape-cert-renewal-url is cgi-bin/check-renew.cgi?, and the certificate serial number is 173420, the resulting URL would be: https://www.certs-r-us.com/cgi-bin/check-renew.cgi?02a56c The document returned should be an HTML form that will allow the user to request a renewal of their certificate.
The following details apply:
"2.16.840.1.113730.1.7"
pvStructInfo points to a CERT_NAME_VALUE structure. The dwValueType member of the CERT_NAME_VALUE is set to CERT_RDN_IA5_STRING. The Value member's pbData member points to an IA5_STRING that is a relative or absolute URL that points to a certificate renewal form.
When encoding, use X509_ANY_STRING when the string format in the Value member's pbData member is Ascii, and use X509_UNICODE_ANY_STRING when the string format is UNICODE. For the UNICODE case, before encoding, the string is converted to an IA5_STRING as specified by setting dwValueType to CERT_RDN_IA5_STRING.
For decoding, the user has the option of selecting the format of the string that is output to the CERT_NAME_VALUE structure. Use X509_ANY_STRING when the desired string format is Ascii, and use X509_UNICODE_ANY_STRING when the desired string format is UNICODE.