|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(AutoIt) Renew a DigiCert Certificate from an EST-enabled profileDemonstrates how to renew a certificate from an EST-enabled profile in DigiCert® Trust Lifecycle Manager. (The certificate must be within the renewal window configured in the certificate profile. The CSR must have same Subject DN values as the original certificate.)
; This example requires the Chilkat API to have been previously unlocked. ; See Global Unlock Sample for sample code. ; The example below duplicates the following OpenSSL commands: ; ; # Name of certificate as argument 1 ; ; # Make new key ; openssl ecparam -name prime256v1 -genkey -noout -out ${1}.key.pem ; ; # Make csr ; openssl req -new -sha256 -key ${1}.key.pem -out ${1}.p10.csr -subj "/CN=${1}" ; ; # Request new cert ; curl -v --cacert data/ca.pem --cert data/${1}.pem --key data/${1}.key.pem ; --data-binary @${1}.p10.csr -o ${1}.p7.b64 -H "Content-Type: application/pkcs10" https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll ; ; # Convert to PEM ; openssl base64 -d -in ${1}.p7.b64 | openssl pkcs7 -inform DER -outform PEM -print_certs -out ${1}.pem ; ------------------------------------------------------------------------------------------------------------------ ; Create a Fortuna PRNG and seed it with system entropy. ; This will be our source of random data for generating the ECC private key. $oFortuna = ObjCreate("Chilkat.Prng") Local $sEntropy = $oFortuna.GetEntropy(32,"base64") Local $bSuccess = $oFortuna.AddEntropy($sEntropy,"base64") $oEc = ObjCreate("Chilkat.Ecc") ; Generate a random EC private key on the prime256v1 curve. Local $oPrivKey = $oEc.GenEccKey("prime256v1",$oFortuna) If ($oEc.LastMethodSuccess <> True) Then ConsoleWrite($oEc.LastErrorText & @CRLF) Exit EndIf ; Create the CSR object and set properties. $oCsr = ObjCreate("Chilkat.Csr") ; Specify your CN $oCsr.CommonName = "mysubdomain.mydomain.com" ; Create the CSR using the private key. $oBdCsr = ObjCreate("Chilkat.BinData") $bSuccess = $oCsr.GenCsrBd($oPrivKey,$oBdCsr) If ($bSuccess = False) Then ConsoleWrite($oCsr.LastErrorText & @CRLF) Exit EndIf ; Save the private key and CSR to files. $oPrivKey.SavePkcs8EncryptedPemFile("password","c:/temp/qa_output/ec_privkey.pem") $oBdCsr.WriteFile("c:/temp/qa_output/csr.pem") ; ---------------------------------------------------------------------- ; Now do the CURL request to POST the CSR and get the new certificate. $oHttp = ObjCreate("Chilkat.Http") $oTlsClientCert = ObjCreate("Chilkat.Cert") $bSuccess = $oTlsClientCert.LoadFromFile("data/myTlsClientCert.pem") If ($bSuccess = False) Then ConsoleWrite($oTlsClientCert.LastErrorText & @CRLF) Exit EndIf $oBdTlsClientCertPrivKey = ObjCreate("Chilkat.BinData") $bSuccess = $oBdTlsClientCertPrivKey.LoadFile("data/myTlsClientCert.key.pem") If ($bSuccess = False) Then ConsoleWrite("Failed to load data/myTlsClientCert.key.pem" & @CRLF) Exit EndIf $oTlsClientCertPrivKey = ObjCreate("Chilkat.PrivateKey") $bSuccess = $oTlsClientCertPrivKey.LoadAnyFormat($oBdTlsClientCertPrivKey,"") If ($bSuccess = False) Then ConsoleWrite($oTlsClientCertPrivKey.LastErrorText & @CRLF) Exit EndIf $bSuccess = $oTlsClientCert.SetPrivateKey($oTlsClientCertPrivKey) If ($bSuccess = False) Then ConsoleWrite($oTlsClientCert.LastErrorText & @CRLF) Exit EndIf $oHttp.SetSslClientCert($oTlsClientCert) $oHttp.RequireSslCertVerify = True ; The body of the HTTP request contains the binary CSR. Local $oResp = $oHttp.PBinaryBd("POST","https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll",$oBdCsr,"application/pkcs10",False,False) If ($oHttp.LastMethodSuccess = False) Then ConsoleWrite($oHttp.LastErrorText & @CRLF) Exit EndIf If ($oResp.StatusCode <> 200) Then ConsoleWrite("response status code = " & $oResp.StatusCode & @CRLF) ConsoleWrite($oResp.BodyStr & @CRLF) ConsoleWrite("Failed" & @CRLF) Exit EndIf ; The response is the Base64 DER of the new certificate. $oMyNewCert = ObjCreate("Chilkat.Cert") $bSuccess = $oMyNewCert.LoadFromBase64($oResp.BodyStr) If ($bSuccess = False) Then ConsoleWrite($oMyNewCert.LastErrorText & @CRLF) ConsoleWrite("Cert data = " & $oResp.BodyStr & @CRLF) ConsoleWrite("Failed." & @CRLF) Exit EndIf $bSuccess = $oMyNewCert.SaveToFile("c:/temp/qa_output/myNewCert.cer") If ($bSuccess = False) Then ConsoleWrite($oMyNewCert.LastErrorText & @CRLF) ConsoleWrite("Failed." & @CRLF) Exit EndIf ConsoleWrite("Success." & @CRLF) |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.