Chilkat2-Python
Chilkat2-Python
Renew a DigiCert Certificate from an EST-enabled profile
See more Certificates Examples
Demonstrates how to renew a certificate from an EST-enabled profile in DigiCert® Trust Lifecycle Manager. (The certificate must be within the renewal window configured in the certificate profile. The CSR must have same Subject DN values as the original certificate.)Chilkat Chilkat2-Python Downloads
import sys
import chilkat2
success = False
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# The example below duplicates the following OpenSSL commands:
#
# # Name of certificate as argument 1
#
# # Make new key
# openssl ecparam -name prime256v1 -genkey -noout -out ${1}.key.pem
#
# # Make csr
# openssl req -new -sha256 -key ${1}.key.pem -out ${1}.p10.csr -subj "/CN=${1}"
#
# # Request new cert
# curl -v --cacert data/ca.pem --cert data/${1}.pem --key data/${1}.key.pem
# --data-binary @${1}.p10.csr -o ${1}.p7.b64 -H "Content-Type: application/pkcs10" https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll
#
# # Convert to PEM
# openssl base64 -d -in ${1}.p7.b64 | openssl pkcs7 -inform DER -outform PEM -print_certs -out ${1}.pem
# ------------------------------------------------------------------------------------------------------------------
# Create a Fortuna PRNG and seed it with system entropy.
# This will be our source of random data for generating the ECC private key.
fortuna = chilkat2.Prng()
entropy = fortuna.GetEntropy(32,"base64")
success = fortuna.AddEntropy(entropy,"base64")
ec = chilkat2.Ecc()
# Generate a random EC private key on the prime256v1 curve.
privKey = chilkat2.PrivateKey()
success = ec.GenKey("prime256v1",fortuna,privKey)
if (success != True):
print(ec.LastErrorText)
sys.exit()
# Create the CSR object and set properties.
csr = chilkat2.Csr()
# Specify your CN
csr.CommonName = "mysubdomain.mydomain.com"
# Create the CSR using the private key.
bdCsr = chilkat2.BinData()
success = csr.GenCsrBd(privKey,bdCsr)
if (success == False):
print(csr.LastErrorText)
sys.exit()
# Save the private key and CSR to files.
privKey.SavePkcs8EncryptedPemFile("password","c:/temp/qa_output/ec_privkey.pem")
bdCsr.WriteFile("c:/temp/qa_output/csr.pem")
# ----------------------------------------------------------------------
# Now do the CURL request to POST the CSR and get the new certificate.
http = chilkat2.Http()
tlsClientCert = chilkat2.Cert()
success = tlsClientCert.LoadFromFile("data/myTlsClientCert.pem")
if (success == False):
print(tlsClientCert.LastErrorText)
sys.exit()
bdTlsClientCertPrivKey = chilkat2.BinData()
success = bdTlsClientCertPrivKey.LoadFile("data/myTlsClientCert.key.pem")
if (success == False):
print("Failed to load data/myTlsClientCert.key.pem")
sys.exit()
tlsClientCertPrivKey = chilkat2.PrivateKey()
success = tlsClientCertPrivKey.LoadAnyFormat(bdTlsClientCertPrivKey,"")
if (success == False):
print(tlsClientCertPrivKey.LastErrorText)
sys.exit()
success = tlsClientCert.SetPrivateKey(tlsClientCertPrivKey)
if (success == False):
print(tlsClientCert.LastErrorText)
sys.exit()
http.SetSslClientCert(tlsClientCert)
http.RequireSslCertVerify = True
# The body of the HTTP request contains the binary CSR.
resp = chilkat2.HttpResponse()
url = "https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll"
success = http.HttpBd("POST",url,bdCsr,"application/pkcs10",resp)
if (success == False):
print(http.LastErrorText)
sys.exit()
if (resp.StatusCode != 200):
print("response status code = " + str(resp.StatusCode))
print(resp.BodyStr)
print("Failed")
sys.exit()
# The response is the Base64 DER of the new certificate.
myNewCert = chilkat2.Cert()
success = myNewCert.LoadFromBase64(resp.BodyStr)
if (success == False):
print(myNewCert.LastErrorText)
print("Cert data = " + resp.BodyStr)
print("Failed.")
sys.exit()
success = myNewCert.SaveToFile("c:/temp/qa_output/myNewCert.cer")
if (success == False):
print(myNewCert.LastErrorText)
print("Failed.")
sys.exit()
print("Success.")