Classic ASP
Classic ASP
Duplicate openssl req -newkey rsa:2048 -nodes -keyout mydomain.pem -out mydomain.csr
See more OpenSSL Examples
Demonstrates how to duplicate this OpenSSL command:openssl req -newkey rsa:2048 -nodes -keyout mydomain.pem -out mydomain.csr
This command creates 2 files:
- mydomain.csr: this is the file to send to DigiCert or Let's Encrypt (or any other CA)
- mydomain.pem: this is the private key of the domain.
The second file is needed to pair with the certificate that will later be received from the CA.
Chilkat Classic ASP Downloads
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<%
success = 0
' This example requires the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.
set rsa = Server.CreateObject("Chilkat.Rsa")
' Generate a 2048-bit key. Chilkat RSA supports
' key sizes ranging from 512 bits to 8192 bits.
set privKey = Server.CreateObject("Chilkat.PrivateKey")
success = rsa.GenKey(2048,privKey)
If (success = 0) Then
Response.Write "<pre>" & Server.HTMLEncode( rsa.LastErrorText) & "</pre>"
Response.End
End If
success = rsa.UsePrivateKey(privKey)
' Save the private key to unencrypted PKCS8 PEM
success = privKey.SavePkcs8PemFile("mydomain.pem")
' (alternatively) Save the private key to encrypted PKCS8 PEM
success = privKey.SavePkcs8EncryptedPemFile("myPassword","mydomain_enc.pem")
' We'll need the private key's modulus for the CSR.
' The modulus is not something that needs to be protected. Most people don't realize
' that a public key is actually just a subset of the private key. The public parts of
' an RSA private key are the modulus and exponent. The exponent is always 65537.
set privKeyXml = Server.CreateObject("Chilkat.Xml")
success = privKeyXml.LoadXml(privKey.GetXml())
' Get the modulus in base64 format:
keyModulus = privKeyXml.GetChildContent("Modulus")
' --------------------------------------------------------------------------------
' Now build the CSR using Chilkat's ASN.1 API.
' The keyModulus will be embedded within the ASN.1.
' A new ASN.1 object is automatically a SEQUENCE.
' Given that the CSR's root item is a SEQUENCE, we can use
' this as the root of our CSR.
set asnRoot = Server.CreateObject("Chilkat.Asn")
' Beneath the root, we have a SEQUENCE (the certificate request info),
' another SEQUENCE (the algorithm identifier), and a BITSTRING (the signature data)
success = asnRoot.AppendSequence()
success = asnRoot.AppendSequence()
' ----------------------------------
' Build the Certificate Request Info
' ----------------------------------
' asnCertReqInfo is a Chilkat.Asn
Set asnCertReqInfo = asnRoot.GetSubItem(0)
success = asnCertReqInfo.AppendInt(0)
' Build the Subject part of the Certificate Request Info
' asnCertSubject is a Chilkat.Asn
Set asnCertSubject = asnCertReqInfo.AppendSequenceR()
' Add each subject part..
' asnTemp is a Chilkat.Asn
Set asnTemp = asnCertSubject.AppendSetR()
success = asnTemp.AppendSequence2()
' AppendSequence2 updates the internal reference to the newly appended SEQUENCE.
' The OID and printable string are added to the SEQUENCE.
success = asnTemp.AppendOid("2.5.4.6")
success = asnTemp.AppendString("printable","US")
' asnTemp is a Chilkat.Asn
Set asnTemp = asnCertSubject.AppendSetR()
success = asnTemp.AppendSequence2()
success = asnTemp.AppendOid("2.5.4.8")
success = asnTemp.AppendString("utf8","Utah")
' asnTemp is a Chilkat.Asn
Set asnTemp = asnCertSubject.AppendSetR()
success = asnTemp.AppendSequence2()
success = asnTemp.AppendOid("2.5.4.7")
success = asnTemp.AppendString("utf8","Lindon")
' asnTemp is a Chilkat.Asn
Set asnTemp = asnCertSubject.AppendSetR()
success = asnTemp.AppendSequence2()
success = asnTemp.AppendOid("2.5.4.10")
success = asnTemp.AppendString("utf8","DigiCert Inc.")
' asnTemp is a Chilkat.Asn
Set asnTemp = asnCertSubject.AppendSetR()
success = asnTemp.AppendSequence2()
success = asnTemp.AppendOid("2.5.4.11")
success = asnTemp.AppendString("utf8","DigiCert")
' asnTemp is a Chilkat.Asn
Set asnTemp = asnCertSubject.AppendSetR()
success = asnTemp.AppendSequence2()
success = asnTemp.AppendOid("2.5.4.3")
success = asnTemp.AppendString("utf8","example.digicert.com")
' Build the Public Key Info part of the Certificate Request Info
' asnPubKeyInfo is a Chilkat.Asn
Set asnPubKeyInfo = asnCertReqInfo.AppendSequenceR()
' asnPubKeyAlgId is a Chilkat.Asn
Set asnPubKeyAlgId = asnPubKeyInfo.AppendSequenceR()
success = asnPubKeyAlgId.AppendOid("1.2.840.113549.1.1.1")
success = asnPubKeyAlgId.AppendNull()
' The public key itself is a BIT STRING, but the bit string is composed of ASN.1
' for the RSA public key. We'll first build the RSA ASN.1 for the public key
' (containing the 2048 bit modulus and exponent), and encoded it to DER, and then add
' the DER bytes as a BIT STRING (as a sub-item of asnPubKeyInfo)
' This is already a SEQUENCE..
set asnRsaKey = Server.CreateObject("Chilkat.Asn")
' The RSA modulus is a big integer.
success = asnRsaKey.AppendBigInt(keyModulus,"base64")
success = asnRsaKey.AppendInt(65537)
rsaKeyDerBase64 = asnRsaKey.GetEncodedDer("base64")
' Now add the RSA key DER as a BIT STRING.
success = asnPubKeyInfo.AppendBits(rsaKeyDerBase64,"base64")
' The last part of the certificate request info is an empty context-specific constructed item
' with a tag equal to 0.
success = asnCertReqInfo.AppendContextConstructed(0)
' Get the DER of the asnCertReqInfo.
' This will be signed using the RSA private key.
set bdDer = Server.CreateObject("Chilkat.BinData")
success = asnCertReqInfo.WriteBd(bdDer)
' Add the signature to the ASN.1
set bdSig = Server.CreateObject("Chilkat.BinData")
success = rsa.SignBd(bdDer,"SHA1",bdSig)
success = asnRoot.AppendBits(bdSig.GetEncoded("base64"),"base64")
' ----------------------------------
' Finally, add the algorithm identifier, which is the 2nd sub-item under the root.
' ----------------------------------
' asnAlgId is a Chilkat.Asn
Set asnAlgId = asnRoot.GetSubItem(1)
success = asnAlgId.AppendOid("1.2.840.113549.1.1.5")
success = asnAlgId.AppendNull()
' Write the CSR to a DER encoded binary file:
success = asnRoot.WriteBinaryDer("qa_output/mydomain.csr")
If (success = 0) Then
Response.Write "<pre>" & Server.HTMLEncode( asnRoot.LastErrorText) & "</pre>"
Response.End
End If
' It is also possible to get the CSR in base64 format:
csrBase64 = asnRoot.GetEncodedDer("base64")
Response.Write "<pre>" & Server.HTMLEncode( "Base64 CSR:") & "</pre>"
Response.Write "<pre>" & Server.HTMLEncode( csrBase64) & "</pre>"
%>
</body>
</html>