DataFlex
DataFlex
Generate a CSR with keyUsage, extKeyUsage, and other Extensions
See more CSR Examples
Demonstrates how to generate a CSR containing a 1.2.840.113549.1.9.14 extensionRequest with the following extensions:- 1.3.6.1.4.1.311.20.2 enrollCerttypeExtension
- 2.5.29.15 keyUsage
- 2.5.29.37 extKeyUsage
- 2.5.29.14 subjectKeyIdentifier
Chilkat DataFlex Downloads
Use ChilkatAx-win32.pkg
Procedure Test
Boolean iSuccess
Handle hoEcc
Variant vPrng
Handle hoPrng
Variant vPrivKey
Handle hoPrivKey
Handle hoCsr
String s
Handle hoBdTemp
String sS_base64_utf16be
Variant vXml
Handle hoXml
Variant vPubKey
Handle hoPubKey
Handle hoBdPubKeyDer
String sSki
String sCsrPem
String sTemp1
Boolean bTemp1
Move False To iSuccess
// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// This example will generate a secp256r1 ECDSA key for the CSR.
Get Create (RefClass(cComChilkatEcc)) To hoEcc
If (Not(IsComObjectCreated(hoEcc))) Begin
Send CreateComObject of hoEcc
End
Get Create (RefClass(cComChilkatPrng)) To hoPrng
If (Not(IsComObjectCreated(hoPrng))) Begin
Send CreateComObject of hoPrng
End
Get Create (RefClass(cComChilkatPrivateKey)) To hoPrivKey
If (Not(IsComObjectCreated(hoPrivKey))) Begin
Send CreateComObject of hoPrivKey
End
Get pvComObject of hoPrng to vPrng
Get pvComObject of hoPrivKey to vPrivKey
Get ComGenKey Of hoEcc "secp256r1" vPrng vPrivKey To iSuccess
If (iSuccess = False) Begin
Showln "Failed to generate a new ECDSA private key."
Procedure_Return
End
Get Create (RefClass(cComChilkatCsr)) To hoCsr
If (Not(IsComObjectCreated(hoCsr))) Begin
Send CreateComObject of hoCsr
End
// Add common CSR fields:
Set ComCommonName Of hoCsr To "mysubdomain.mydomain.com"
Set ComCountry Of hoCsr To "GB"
Set ComState Of hoCsr To "Yorks"
Set ComLocality Of hoCsr To "York"
Set ComCompany Of hoCsr To "Internet Widgits Pty Ltd"
Set ComEmailAddress Of hoCsr To "support@mydomain.com"
// Add the following 1.2.840.113549.1.9.14 extensionRequest
// Note: The easiest way to know the content and format of the XML to be added is to examine
// a pre-existing CSR with the same desired extensionRequest. You can use Chilkat to
// get the extensionRequest from an existing CSR.
//
// Here is a sample extension request:
// <?xml version="1.0" encoding="utf-8"?>
// <set>
// <sequence>
// <sequence>
// <oid>1.3.6.1.4.1.311.20.2</oid>
// <asnOctets>
// <universal tag="30" constructed="0">AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABl
// AF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx</universal>
// </asnOctets>
// </sequence>
// <sequence>
// <oid>2.5.29.15</oid>
// <bool>1</bool>
// <asnOctets>
// <bits n="3">A0</bits>
// </asnOctets>
// </sequence>
// <sequence>
// <oid>2.5.29.37</oid>
// <asnOctets>
// <sequence>
// <oid>1.3.6.1.5.5.7.3.3</oid>
// </sequence>
// </asnOctets>
// </sequence>
// <sequence>
// <oid>2.5.29.14</oid>
// <asnOctets>
// <octets>MCzBMQAViXBz8IDt8LsgmJxJ4Xg=</octets>
// </asnOctets>
// </sequence>
// </sequence>
// </set>
// Use this online tool to generate code from sample XML:
// Generate Code to Create XML
// A few notes:
// The string "AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABlAF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx"
// is the base64 encoding of the utf-16be byte representation of the string "EndEntityClientAuthCertificate_CSRPassthrough/V1"
Move "EndEntityClientAuthCertificate_CSRPassthrough/V1" To s
Get Create (RefClass(cComChilkatBinData)) To hoBdTemp
If (Not(IsComObjectCreated(hoBdTemp))) Begin
Send CreateComObject of hoBdTemp
End
Get ComAppendString Of hoBdTemp s "utf-16be" To iSuccess
Get ComGetEncoded Of hoBdTemp "base64" To sS_base64_utf16be
// The string should be "AEUA....."
Showln sS_base64_utf16be
// Here's the code to generate the above extension request.
Get Create (RefClass(cComChilkatXml)) To hoXml
If (Not(IsComObjectCreated(hoXml))) Begin
Send CreateComObject of hoXml
End
Set ComTag Of hoXml To "set"
Send ComUpdateChildContent To hoXml "sequence|sequence|oid" "1.3.6.1.4.1.311.20.2"
Get ComUpdateAttrAt Of hoXml "sequence|sequence|asnOctets|universal" True "tag" "30" To iSuccess
Get ComUpdateAttrAt Of hoXml "sequence|sequence|asnOctets|universal" True "constructed" "0" To iSuccess
Send ComUpdateChildContent To hoXml "sequence|sequence|asnOctets|universal" sS_base64_utf16be
Send ComUpdateChildContent To hoXml "sequence|sequence[1]|oid" "2.5.29.15"
Send ComUpdateChildContent To hoXml "sequence|sequence[1]|bool" "1"
Get ComUpdateAttrAt Of hoXml "sequence|sequence[1]|asnOctets|bits" True "n" "3" To iSuccess
// A0 is hex for decimal 160.
Send ComUpdateChildContent To hoXml "sequence|sequence[1]|asnOctets|bits" "A0"
Send ComUpdateChildContent To hoXml "sequence|sequence[2]|oid" "2.5.29.37"
Send ComUpdateChildContent To hoXml "sequence|sequence[2]|asnOctets|sequence|oid" "1.3.6.1.5.5.7.3.3"
// This is the subjectKeyIdentifier extension.
// The string "MCzBMQAViXBz8IDt8LsgmJxJ4Xg=" is base64 that decodes to 20 bytes, which is a SHA1 hash.
// This is simply a hash of the DER of the public key.
Get Create (RefClass(cComChilkatPublicKey)) To hoPubKey
If (Not(IsComObjectCreated(hoPubKey))) Begin
Send CreateComObject of hoPubKey
End
Get pvComObject of hoPubKey to vPubKey
Get ComToPublicKey Of hoPrivKey vPubKey To iSuccess
Get Create (RefClass(cComChilkatBinData)) To hoBdPubKeyDer
If (Not(IsComObjectCreated(hoBdPubKeyDer))) Begin
Send CreateComObject of hoBdPubKeyDer
End
Get ComGetEncoded Of hoPubKey True "base64" To sTemp1
Get ComAppendEncoded Of hoBdPubKeyDer sTemp1 "base64" To iSuccess
Get ComGetHash Of hoBdPubKeyDer "sha1" "base64" To sSki
Send ComUpdateChildContent To hoXml "sequence|sequence[3]|oid" "2.5.29.14"
Send ComUpdateChildContent To hoXml "sequence|sequence[3]|asnOctets|octets" sSki
// Add the extension request to the CSR
Get pvComObject of hoXml to vXml
Get ComSetExtensionRequest Of hoCsr vXml To iSuccess
// Generate the CSR with the extension request
Get pvComObject of hoPrivKey to vPrivKey
Get ComGenCsrPem Of hoCsr vPrivKey To sCsrPem
Get ComLastMethodSuccess Of hoCsr To bTemp1
If (bTemp1 = False) Begin
Get ComLastErrorText Of hoCsr To sTemp1
Showln sTemp1
Procedure_Return
End
Showln sCsrPem
End_Procedure