AutoIt
AutoIt
Duplicate openssl req -newkey rsa:2048 -nodes -keyout mydomain.pem -out mydomain.csr
See more OpenSSL Examples
Demonstrates how to duplicate this OpenSSL command:openssl req -newkey rsa:2048 -nodes -keyout mydomain.pem -out mydomain.csr
This command creates 2 files:
- mydomain.csr: this is the file to send to DigiCert or Let's Encrypt (or any other CA)
- mydomain.pem: this is the private key of the domain.
The second file is needed to pair with the certificate that will later be received from the CA.
Chilkat AutoIt Downloads
Local $bSuccess = False
; This example requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.
$oRsa = ObjCreate("Chilkat.Rsa")
; Generate a 2048-bit key. Chilkat RSA supports
; key sizes ranging from 512 bits to 8192 bits.
$oPrivKey = ObjCreate("Chilkat.PrivateKey")
$bSuccess = $oRsa.GenKey(2048,$oPrivKey)
If ($bSuccess = False) Then
ConsoleWrite($oRsa.LastErrorText & @CRLF)
Exit
EndIf
$oRsa.UsePrivateKey($oPrivKey)
; Save the private key to unencrypted PKCS8 PEM
$bSuccess = $oPrivKey.SavePkcs8PemFile("mydomain.pem")
; (alternatively) Save the private key to encrypted PKCS8 PEM
$bSuccess = $oPrivKey.SavePkcs8EncryptedPemFile("myPassword","mydomain_enc.pem")
; We'll need the private key's modulus for the CSR.
; The modulus is not something that needs to be protected. Most people don't realize
; that a public key is actually just a subset of the private key. The public parts of
; an RSA private key are the modulus and exponent. The exponent is always 65537.
$oPrivKeyXml = ObjCreate("Chilkat.Xml")
$bSuccess = $oPrivKeyXml.LoadXml($oPrivKey.GetXml())
; Get the modulus in base64 format:
Local $sKeyModulus = $oPrivKeyXml.GetChildContent("Modulus")
; --------------------------------------------------------------------------------
; Now build the CSR using Chilkat's ASN.1 API.
; The keyModulus will be embedded within the ASN.1.
; A new ASN.1 object is automatically a SEQUENCE.
; Given that the CSR's root item is a SEQUENCE, we can use
; this as the root of our CSR.
$oAsnRoot = ObjCreate("Chilkat.Asn")
; Beneath the root, we have a SEQUENCE (the certificate request info),
; another SEQUENCE (the algorithm identifier), and a BITSTRING (the signature data)
$bSuccess = $oAsnRoot.AppendSequence()
$bSuccess = $oAsnRoot.AppendSequence()
; ----------------------------------
; Build the Certificate Request Info
; ----------------------------------
Local $oAsnCertReqInfo = $oAsnRoot.GetSubItem(0)
$bSuccess = $oAsnCertReqInfo.AppendInt(0)
; Build the Subject part of the Certificate Request Info
Local $oAsnCertSubject = $oAsnCertReqInfo.AppendSequenceR()
; Add each subject part..
Local $oAsnTemp = $oAsnCertSubject.AppendSetR()
$bSuccess = $oAsnTemp.AppendSequence2()
; AppendSequence2 updates the internal reference to the newly appended SEQUENCE.
; The OID and printable string are added to the SEQUENCE.
$bSuccess = $oAsnTemp.AppendOid("2.5.4.6")
$bSuccess = $oAsnTemp.AppendString("printable","US")
$oAsnTemp = $oAsnCertSubject.AppendSetR()
$bSuccess = $oAsnTemp.AppendSequence2()
$bSuccess = $oAsnTemp.AppendOid("2.5.4.8")
$bSuccess = $oAsnTemp.AppendString("utf8","Utah")
$oAsnTemp = $oAsnCertSubject.AppendSetR()
$bSuccess = $oAsnTemp.AppendSequence2()
$bSuccess = $oAsnTemp.AppendOid("2.5.4.7")
$bSuccess = $oAsnTemp.AppendString("utf8","Lindon")
$oAsnTemp = $oAsnCertSubject.AppendSetR()
$bSuccess = $oAsnTemp.AppendSequence2()
$bSuccess = $oAsnTemp.AppendOid("2.5.4.10")
$bSuccess = $oAsnTemp.AppendString("utf8","DigiCert Inc.")
$oAsnTemp = $oAsnCertSubject.AppendSetR()
$bSuccess = $oAsnTemp.AppendSequence2()
$bSuccess = $oAsnTemp.AppendOid("2.5.4.11")
$bSuccess = $oAsnTemp.AppendString("utf8","DigiCert")
$oAsnTemp = $oAsnCertSubject.AppendSetR()
$bSuccess = $oAsnTemp.AppendSequence2()
$bSuccess = $oAsnTemp.AppendOid("2.5.4.3")
$bSuccess = $oAsnTemp.AppendString("utf8","example.digicert.com")
; Build the Public Key Info part of the Certificate Request Info
Local $oAsnPubKeyInfo = $oAsnCertReqInfo.AppendSequenceR()
Local $oAsnPubKeyAlgId = $oAsnPubKeyInfo.AppendSequenceR()
$bSuccess = $oAsnPubKeyAlgId.AppendOid("1.2.840.113549.1.1.1")
$bSuccess = $oAsnPubKeyAlgId.AppendNull()
; The public key itself is a BIT STRING, but the bit string is composed of ASN.1
; for the RSA public key. We'll first build the RSA ASN.1 for the public key
; (containing the 2048 bit modulus and exponent), and encoded it to DER, and then add
; the DER bytes as a BIT STRING (as a sub-item of asnPubKeyInfo)
; This is already a SEQUENCE..
$oAsnRsaKey = ObjCreate("Chilkat.Asn")
; The RSA modulus is a big integer.
$bSuccess = $oAsnRsaKey.AppendBigInt($sKeyModulus,"base64")
$bSuccess = $oAsnRsaKey.AppendInt(65537)
Local $sRsaKeyDerBase64 = $oAsnRsaKey.GetEncodedDer("base64")
; Now add the RSA key DER as a BIT STRING.
$bSuccess = $oAsnPubKeyInfo.AppendBits($sRsaKeyDerBase64,"base64")
; The last part of the certificate request info is an empty context-specific constructed item
; with a tag equal to 0.
$bSuccess = $oAsnCertReqInfo.AppendContextConstructed(0)
; Get the DER of the asnCertReqInfo.
; This will be signed using the RSA private key.
$oBdDer = ObjCreate("Chilkat.BinData")
$bSuccess = $oAsnCertReqInfo.WriteBd($oBdDer)
; Add the signature to the ASN.1
$oBdSig = ObjCreate("Chilkat.BinData")
$bSuccess = $oRsa.SignBd($oBdDer,"SHA1",$oBdSig)
$bSuccess = $oAsnRoot.AppendBits($oBdSig.GetEncoded("base64"),"base64")
; ----------------------------------
; Finally, add the algorithm identifier, which is the 2nd sub-item under the root.
; ----------------------------------
Local $oAsnAlgId = $oAsnRoot.GetSubItem(1)
$bSuccess = $oAsnAlgId.AppendOid("1.2.840.113549.1.1.5")
$bSuccess = $oAsnAlgId.AppendNull()
; Write the CSR to a DER encoded binary file:
$bSuccess = $oAsnRoot.WriteBinaryDer("qa_output/mydomain.csr")
If ($bSuccess = False) Then
ConsoleWrite($oAsnRoot.LastErrorText & @CRLF)
Exit
EndIf
; It is also possible to get the CSR in base64 format:
Local $sCsrBase64 = $oAsnRoot.GetEncodedDer("base64")
ConsoleWrite("Base64 CSR:" & @CRLF)
ConsoleWrite($sCsrBase64 & @CRLF)