C++
C++
Renew a DigiCert Certificate from an EST-enabled profile
See more Certificates Examples
Demonstrates how to renew a certificate from an EST-enabled profile in DigiCert® Trust Lifecycle Manager. (The certificate must be within the renewal window configured in the certificate profile. The CSR must have same Subject DN values as the original certificate.)Chilkat C++ Downloads
#include <CkPrng.h>
#include <CkEcc.h>
#include <CkPrivateKey.h>
#include <CkCsr.h>
#include <CkBinData.h>
#include <CkHttp.h>
#include <CkCert.h>
#include <CkHttpResponse.h>
void ChilkatSample(void)
{
bool success = false;
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// The example below duplicates the following OpenSSL commands:
//
// # Name of certificate as argument 1
//
// # Make new key
// openssl ecparam -name prime256v1 -genkey -noout -out ${1}.key.pem
//
// # Make csr
// openssl req -new -sha256 -key ${1}.key.pem -out ${1}.p10.csr -subj "/CN=${1}"
//
// # Request new cert
// curl -v --cacert data/ca.pem --cert data/${1}.pem --key data/${1}.key.pem
// --data-binary @${1}.p10.csr -o ${1}.p7.b64 -H "Content-Type: application/pkcs10" https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll
//
// # Convert to PEM
// openssl base64 -d -in ${1}.p7.b64 | openssl pkcs7 -inform DER -outform PEM -print_certs -out ${1}.pem
// ------------------------------------------------------------------------------------------------------------------
// Create a Fortuna PRNG and seed it with system entropy.
// This will be our source of random data for generating the ECC private key.
CkPrng fortuna;
const char *entropy = fortuna.getEntropy(32,"base64");
success = fortuna.AddEntropy(entropy,"base64");
CkEcc ec;
// Generate a random EC private key on the prime256v1 curve.
CkPrivateKey privKey;
success = ec.GenKey("prime256v1",fortuna,privKey);
if (success != true) {
std::cout << ec.lastErrorText() << "\r\n";
return;
}
// Create the CSR object and set properties.
CkCsr csr;
// Specify your CN
csr.put_CommonName("mysubdomain.mydomain.com");
// Create the CSR using the private key.
CkBinData bdCsr;
success = csr.GenCsrBd(privKey,bdCsr);
if (success == false) {
std::cout << csr.lastErrorText() << "\r\n";
return;
}
// Save the private key and CSR to files.
privKey.SavePkcs8EncryptedPemFile("password","c:/temp/qa_output/ec_privkey.pem");
bdCsr.WriteFile("c:/temp/qa_output/csr.pem");
// ----------------------------------------------------------------------
// Now do the CURL request to POST the CSR and get the new certificate.
CkHttp http;
CkCert tlsClientCert;
success = tlsClientCert.LoadFromFile("data/myTlsClientCert.pem");
if (success == false) {
std::cout << tlsClientCert.lastErrorText() << "\r\n";
return;
}
CkBinData bdTlsClientCertPrivKey;
success = bdTlsClientCertPrivKey.LoadFile("data/myTlsClientCert.key.pem");
if (success == false) {
std::cout << "Failed to load data/myTlsClientCert.key.pem" << "\r\n";
return;
}
CkPrivateKey tlsClientCertPrivKey;
success = tlsClientCertPrivKey.LoadAnyFormat(bdTlsClientCertPrivKey,"");
if (success == false) {
std::cout << tlsClientCertPrivKey.lastErrorText() << "\r\n";
return;
}
success = tlsClientCert.SetPrivateKey(tlsClientCertPrivKey);
if (success == false) {
std::cout << tlsClientCert.lastErrorText() << "\r\n";
return;
}
http.SetSslClientCert(tlsClientCert);
http.put_RequireSslCertVerify(true);
// The body of the HTTP request contains the binary CSR.
CkHttpResponse resp;
const char *url = "https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll";
success = http.HttpBd("POST",url,bdCsr,"application/pkcs10",resp);
if (success == false) {
std::cout << http.lastErrorText() << "\r\n";
return;
}
if (resp.get_StatusCode() != 200) {
std::cout << "response status code = " << resp.get_StatusCode() << "\r\n";
std::cout << resp.bodyStr() << "\r\n";
std::cout << "Failed" << "\r\n";
return;
}
// The response is the Base64 DER of the new certificate.
CkCert myNewCert;
success = myNewCert.LoadFromBase64(resp.bodyStr());
if (success == false) {
std::cout << myNewCert.lastErrorText() << "\r\n";
std::cout << "Cert data = " << resp.bodyStr() << "\r\n";
std::cout << "Failed." << "\r\n";
return;
}
success = myNewCert.SaveToFile("c:/temp/qa_output/myNewCert.cer");
if (success == false) {
std::cout << myNewCert.lastErrorText() << "\r\n";
std::cout << "Failed." << "\r\n";
return;
}
std::cout << "Success." << "\r\n";
}