Sample code for 30+ languages & platforms
Chilkat2-Python

Renew a DigiCert Certificate from an EST-enabled profile

See more Certificates Examples

Demonstrates how to renew a certificate from an EST-enabled profile in DigiCert​​®​​ Trust Lifecycle Manager. (The certificate must be within the renewal window configured in the certificate profile. The CSR must have same Subject DN values as the original certificate.)

Chilkat Chilkat2-Python Downloads

Chilkat2-Python
import sys
import chilkat2

success = False

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# The example below duplicates the following OpenSSL commands:
# 
# # Name of certificate as argument 1
# 
# # Make new key
# openssl ecparam -name prime256v1 -genkey -noout -out ${1}.key.pem
# 
# # Make csr
# openssl req -new -sha256 -key ${1}.key.pem -out ${1}.p10.csr -subj "/CN=${1}"
# 
# # Request new cert
# curl -v --cacert data/ca.pem --cert data/${1}.pem --key data/${1}.key.pem 
#     --data-binary @${1}.p10.csr -o ${1}.p7.b64 -H "Content-Type: application/pkcs10" https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll
# 
# # Convert to PEM
# openssl base64 -d -in ${1}.p7.b64 | openssl pkcs7 -inform DER -outform PEM -print_certs -out ${1}.pem

# ------------------------------------------------------------------------------------------------------------------

# Create a Fortuna PRNG and seed it with system entropy.
# This will be our source of random data for generating the ECC private key.
fortuna = chilkat2.Prng()
entropy = fortuna.GetEntropy(32,"base64")
success = fortuna.AddEntropy(entropy,"base64")

ec = chilkat2.Ecc()

# Generate a random EC private key on the prime256v1 curve.
privKey = chilkat2.PrivateKey()
success = ec.GenKey("prime256v1",fortuna,privKey)
if (success != True):
    print(ec.LastErrorText)
    sys.exit()

# Create the CSR object and set properties.
csr = chilkat2.Csr()

# Specify your CN
csr.CommonName = "mysubdomain.mydomain.com"

# Create the CSR using the private key.
bdCsr = chilkat2.BinData()
success = csr.GenCsrBd(privKey,bdCsr)
if (success == False):
    print(csr.LastErrorText)
    sys.exit()

# Save the private key and CSR to files.
privKey.SavePkcs8EncryptedPemFile("password","c:/temp/qa_output/ec_privkey.pem")

bdCsr.WriteFile("c:/temp/qa_output/csr.pem")

# ----------------------------------------------------------------------
# Now do the CURL request to POST the CSR and get the new certificate.

http = chilkat2.Http()

tlsClientCert = chilkat2.Cert()
success = tlsClientCert.LoadFromFile("data/myTlsClientCert.pem")
if (success == False):
    print(tlsClientCert.LastErrorText)
    sys.exit()

bdTlsClientCertPrivKey = chilkat2.BinData()
success = bdTlsClientCertPrivKey.LoadFile("data/myTlsClientCert.key.pem")
if (success == False):
    print("Failed to load data/myTlsClientCert.key.pem")
    sys.exit()

tlsClientCertPrivKey = chilkat2.PrivateKey()
success = tlsClientCertPrivKey.LoadAnyFormat(bdTlsClientCertPrivKey,"")
if (success == False):
    print(tlsClientCertPrivKey.LastErrorText)
    sys.exit()

success = tlsClientCert.SetPrivateKey(tlsClientCertPrivKey)
if (success == False):
    print(tlsClientCert.LastErrorText)
    sys.exit()

http.SetSslClientCert(tlsClientCert)

http.RequireSslCertVerify = True

# The body of the HTTP request contains the binary CSR.
resp = chilkat2.HttpResponse()
url = "https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll"
success = http.HttpBd("POST",url,bdCsr,"application/pkcs10",resp)
if (success == False):
    print(http.LastErrorText)
    sys.exit()

if (resp.StatusCode != 200):
    print("response status code = " + str(resp.StatusCode))
    print(resp.BodyStr)
    print("Failed")
    sys.exit()

# The response is the Base64 DER of the new certificate.
myNewCert = chilkat2.Cert()
success = myNewCert.LoadFromBase64(resp.BodyStr)
if (success == False):
    print(myNewCert.LastErrorText)
    print("Cert data = " + resp.BodyStr)
    print("Failed.")
    sys.exit()

success = myNewCert.SaveToFile("c:/temp/qa_output/myNewCert.cer")
if (success == False):
    print(myNewCert.LastErrorText)
    print("Failed.")
    sys.exit()

print("Success.")