Classic ASP
Classic ASP
Generate a CSR with keyUsage, extKeyUsage, and other Extensions
See more CSR Examples
Demonstrates how to generate a CSR containing a 1.2.840.113549.1.9.14 extensionRequest with the following extensions:- 1.3.6.1.4.1.311.20.2 enrollCerttypeExtension
- 2.5.29.15 keyUsage
- 2.5.29.37 extKeyUsage
- 2.5.29.14 subjectKeyIdentifier
Chilkat Classic ASP Downloads
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<%
success = 0
' This requires the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.
' This example will generate a secp256r1 ECDSA key for the CSR.
set ecc = Server.CreateObject("Chilkat.Ecc")
set prng = Server.CreateObject("Chilkat.Prng")
set privKey = Server.CreateObject("Chilkat.PrivateKey")
success = ecc.GenKey("secp256r1",prng,privKey)
If (success = 0) Then
Response.Write "<pre>" & Server.HTMLEncode( "Failed to generate a new ECDSA private key.") & "</pre>"
Response.End
End If
set csr = Server.CreateObject("Chilkat.Csr")
' Add common CSR fields:
csr.CommonName = "mysubdomain.mydomain.com"
csr.Country = "GB"
csr.State = "Yorks"
csr.Locality = "York"
csr.Company = "Internet Widgits Pty Ltd"
csr.EmailAddress = "support@mydomain.com"
' Add the following 1.2.840.113549.1.9.14 extensionRequest
' Note: The easiest way to know the content and format of the XML to be added is to examine
' a pre-existing CSR with the same desired extensionRequest. You can use Chilkat to
' get the extensionRequest from an existing CSR.
'
' Here is a sample extension request:
' <?xml version="1.0" encoding="utf-8"?>
' <set>
' <sequence>
' <sequence>
' <oid>1.3.6.1.4.1.311.20.2</oid>
' <asnOctets>
' <universal tag="30" constructed="0">AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABl
' AF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx</universal>
' </asnOctets>
' </sequence>
' <sequence>
' <oid>2.5.29.15</oid>
' <bool>1</bool>
' <asnOctets>
' <bits n="3">A0</bits>
' </asnOctets>
' </sequence>
' <sequence>
' <oid>2.5.29.37</oid>
' <asnOctets>
' <sequence>
' <oid>1.3.6.1.5.5.7.3.3</oid>
' </sequence>
' </asnOctets>
' </sequence>
' <sequence>
' <oid>2.5.29.14</oid>
' <asnOctets>
' <octets>MCzBMQAViXBz8IDt8LsgmJxJ4Xg=</octets>
' </asnOctets>
' </sequence>
' </sequence>
' </set>
' Use this online tool to generate code from sample XML:
' Generate Code to Create XML
' A few notes:
' The string "AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABlAF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx"
' is the base64 encoding of the utf-16be byte representation of the string "EndEntityClientAuthCertificate_CSRPassthrough/V1"
s = "EndEntityClientAuthCertificate_CSRPassthrough/V1"
set bdTemp = Server.CreateObject("Chilkat.BinData")
success = bdTemp.AppendString(s,"utf-16be")
s_base64_utf16be = bdTemp.GetEncoded("base64")
' The string should be "AEUA....."
Response.Write "<pre>" & Server.HTMLEncode( s_base64_utf16be) & "</pre>"
' Here's the code to generate the above extension request.
set xml = Server.CreateObject("Chilkat.Xml")
xml.Tag = "set"
xml.UpdateChildContent "sequence|sequence|oid","1.3.6.1.4.1.311.20.2"
success = xml.UpdateAttrAt("sequence|sequence|asnOctets|universal",1,"tag","30")
success = xml.UpdateAttrAt("sequence|sequence|asnOctets|universal",1,"constructed","0")
xml.UpdateChildContent "sequence|sequence|asnOctets|universal",s_base64_utf16be
xml.UpdateChildContent "sequence|sequence[1]|oid","2.5.29.15"
xml.UpdateChildContent "sequence|sequence[1]|bool","1"
success = xml.UpdateAttrAt("sequence|sequence[1]|asnOctets|bits",1,"n","3")
' A0 is hex for decimal 160.
xml.UpdateChildContent "sequence|sequence[1]|asnOctets|bits","A0"
xml.UpdateChildContent "sequence|sequence[2]|oid","2.5.29.37"
xml.UpdateChildContent "sequence|sequence[2]|asnOctets|sequence|oid","1.3.6.1.5.5.7.3.3"
' This is the subjectKeyIdentifier extension.
' The string "MCzBMQAViXBz8IDt8LsgmJxJ4Xg=" is base64 that decodes to 20 bytes, which is a SHA1 hash.
' This is simply a hash of the DER of the public key.
set pubKey = Server.CreateObject("Chilkat.PublicKey")
success = privKey.ToPublicKey(pubKey)
set bdPubKeyDer = Server.CreateObject("Chilkat.BinData")
success = bdPubKeyDer.AppendEncoded(pubKey.GetEncoded(1,"base64"),"base64")
ski = bdPubKeyDer.GetHash("sha1","base64")
xml.UpdateChildContent "sequence|sequence[3]|oid","2.5.29.14"
xml.UpdateChildContent "sequence|sequence[3]|asnOctets|octets",ski
' Add the extension request to the CSR
success = csr.SetExtensionRequest(xml)
' Generate the CSR with the extension request
csrPem = csr.GenCsrPem(privKey)
If (csr.LastMethodSuccess = 0) Then
Response.Write "<pre>" & Server.HTMLEncode( csr.LastErrorText) & "</pre>"
Response.End
End If
Response.Write "<pre>" & Server.HTMLEncode( csrPem) & "</pre>"
%>
</body>
</html>