DataFlex
Renew a DigiCert Certificate from an EST-enabled profile
Demonstrates how to renew a certificate from an EST-enabled profile in DigiCert® Trust Lifecycle Manager. The certificate must be within the renewal window configured in the certificate profile, and the CSR must carry the same Subject DN values as the original certificate. The reenroll request is authenticated with TLS client authentication using the existing (still valid) certificate and its private key; the server's certificate is verified against the EST CA.
Use ChilkatAx-win32.pkg
Procedure Test
Boolean iSuccess
Variant vFortuna
Handle hoFortuna
String sEntropy
Handle hoEc
Variant vPrivKey
Handle hoPrivKey
Handle hoCsr
Variant vBdCsr
Handle hoBdCsr
Handle hoHttp
Variant vTlsClientCert
Handle hoTlsClientCert
Variant vBdTlsClientCertPrivKey
Handle hoBdTlsClientCertPrivKey
Variant vTlsClientCertPrivKey
Handle hoTlsClientCertPrivKey
Variant vResp
Handle hoResp
String sUrl
Handle hoMyNewCert
String sTemp1
Integer iTemp1
Move False To iSuccess
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// The example below duplicates the following OpenSSL commands:
//
// # Name of certificate as argument 1
//
// # Make new key
// openssl ecparam -name prime256v1 -genkey -noout -out ${1}.key.pem
//
// # Make csr
// openssl req -new -sha256 -key ${1}.key.pem -out ${1}.p10.csr -subj "/CN=${1}"
//
// # Request new cert (TLS client auth with the existing cert/key; --cacert verifies the EST server)
// curl -v --cacert data/ca.pem --cert data/${1}.pem --key data/${1}.key.pem \
//   --data-binary @${1}.p10.csr -o ${1}.p7.b64 -H "Content-Type: application/pkcs10" \
//   https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll
//
// # Convert to PEM (the response body is base64 of a PKCS#7 certs-only structure)
// openssl base64 -d -in ${1}.p7.b64 | openssl pkcs7 -inform DER -outform PEM -print_certs -out ${1}.pem
// ------------------------------------------------------------------------------------------------------------------
// Create a Fortuna PRNG and seed it with system entropy.
// This will be our source of random data for generating the ECC private key.
Get Create (RefClass(cComChilkatPrng)) To hoFortuna
If (Not(IsComObjectCreated(hoFortuna))) Begin
Send CreateComObject of hoFortuna
End
Get ComGetEntropy Of hoFortuna 32 "base64" To sEntropy
Get ComAddEntropy Of hoFortuna sEntropy "base64" To iSuccess
Get Create (RefClass(cComChilkatEcc)) To hoEc
If (Not(IsComObjectCreated(hoEc))) Begin
Send CreateComObject of hoEc
End
// Generate a random EC private key on the prime256v1 curve.
Get Create (RefClass(cComChilkatPrivateKey)) To hoPrivKey
If (Not(IsComObjectCreated(hoPrivKey))) Begin
Send CreateComObject of hoPrivKey
End
Get pvComObject of hoFortuna to vFortuna
Get pvComObject of hoPrivKey to vPrivKey
Get ComGenKey Of hoEc "prime256v1" vFortuna vPrivKey To iSuccess
If (iSuccess <> True) Begin
Get ComLastErrorText Of hoEc To sTemp1
Showln sTemp1
Procedure_Return
End
// Create the CSR object and set properties.
Get Create (RefClass(cComChilkatCsr)) To hoCsr
If (Not(IsComObjectCreated(hoCsr))) Begin
Send CreateComObject of hoCsr
End
// Specify your CN. For a reenroll the Subject DN must match the original certificate,
// so set the same CN (and any other DN components) the original certificate carries.
Set ComCommonName Of hoCsr To "mysubdomain.mydomain.com"
// Create the CSR using the private key.
Get Create (RefClass(cComChilkatBinData)) To hoBdCsr
If (Not(IsComObjectCreated(hoBdCsr))) Begin
Send CreateComObject of hoBdCsr
End
Get pvComObject of hoPrivKey to vPrivKey
Get pvComObject of hoBdCsr to vBdCsr
Get ComGenCsrBd Of hoCsr vPrivKey vBdCsr To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoCsr To sTemp1
Showln sTemp1
Procedure_Return
End
// Save the private key (encrypted PKCS#8 PEM) and the CSR to files.
// "password" is a placeholder; use a real passphrase or a key store in production.
Get ComSavePkcs8EncryptedPemFile Of hoPrivKey "password" "c:/temp/qa_output/ec_privkey.pem" To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoPrivKey To sTemp1
Showln sTemp1
Procedure_Return
End
Get ComWriteFile Of hoBdCsr "c:/temp/qa_output/csr.pem" To iSuccess
// ----------------------------------------------------------------------
// Now do the equivalent of the curl request: POST the CSR and get the new certificate.
// The existing certificate and its private key are used for TLS client authentication.
Get Create (RefClass(cComChilkatHttp)) To hoHttp
If (Not(IsComObjectCreated(hoHttp))) Begin
Send CreateComObject of hoHttp
End
Get Create (RefClass(cComChilkatCert)) To hoTlsClientCert
If (Not(IsComObjectCreated(hoTlsClientCert))) Begin
Send CreateComObject of hoTlsClientCert
End
Get ComLoadFromFile Of hoTlsClientCert "data/myTlsClientCert.pem" To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoTlsClientCert To sTemp1
Showln sTemp1
Procedure_Return
End
Get Create (RefClass(cComChilkatBinData)) To hoBdTlsClientCertPrivKey
If (Not(IsComObjectCreated(hoBdTlsClientCertPrivKey))) Begin
Send CreateComObject of hoBdTlsClientCertPrivKey
End
Get ComLoadFile Of hoBdTlsClientCertPrivKey "data/myTlsClientCert.key.pem" To iSuccess
If (iSuccess = False) Begin
Showln "Failed to load data/myTlsClientCert.key.pem"
Procedure_Return
End
Get Create (RefClass(cComChilkatPrivateKey)) To hoTlsClientCertPrivKey
If (Not(IsComObjectCreated(hoTlsClientCertPrivKey))) Begin
Send CreateComObject of hoTlsClientCertPrivKey
End
Get pvComObject of hoBdTlsClientCertPrivKey to vBdTlsClientCertPrivKey
Get ComLoadAnyFormat Of hoTlsClientCertPrivKey vBdTlsClientCertPrivKey "" To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoTlsClientCertPrivKey To sTemp1
Showln sTemp1
Procedure_Return
End
Get pvComObject of hoTlsClientCertPrivKey to vTlsClientCertPrivKey
Get ComSetPrivateKey Of hoTlsClientCert vTlsClientCertPrivKey To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoTlsClientCert To sTemp1
Showln sTemp1
Procedure_Return
End
Get pvComObject of hoTlsClientCert to vTlsClientCert
Get ComSetSslClientCert Of hoHttp vTlsClientCert To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoHttp To sTemp1
Showln sTemp1
Procedure_Return
End
// Verify the EST server's certificate (the equivalent of curl's --cacert); never disable this.
Set ComRequireSslCertVerify Of hoHttp To True
// The body of the HTTP request contains the binary CSR.
Get Create (RefClass(cComChilkatHttpResponse)) To hoResp
If (Not(IsComObjectCreated(hoResp))) Begin
Send CreateComObject of hoResp
End
Move "https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll" To sUrl
Get pvComObject of hoBdCsr to vBdCsr
Get pvComObject of hoResp to vResp
Get ComHttpBd Of hoHttp "POST" sUrl vBdCsr "application/pkcs10" vResp To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoHttp To sTemp1
Showln sTemp1
Procedure_Return
End
Get ComStatusCode Of hoResp To iTemp1
If (iTemp1 <> 200) Begin
Showln "response status code = " iTemp1
Get ComBodyStr Of hoResp To sTemp1
Showln sTemp1
Showln "Failed"
Procedure_Return
End
// The response body is the base64-encoded new certificate (the openssl steps in the
// header comment show it arriving as a PKCS#7 certs-only structure). Load it into a Cert object.
Get Create (RefClass(cComChilkatCert)) To hoMyNewCert
If (Not(IsComObjectCreated(hoMyNewCert))) Begin
Send CreateComObject of hoMyNewCert
End
Get ComBodyStr Of hoResp To sTemp1
Get ComLoadFromBase64 Of hoMyNewCert sTemp1 To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoMyNewCert To sTemp1
Showln sTemp1
Get ComBodyStr Of hoResp To sTemp1
Showln "Cert data = " sTemp1
Showln "Failed."
Procedure_Return
End
Get ComSaveToFile Of hoMyNewCert "c:/temp/qa_output/myNewCert.cer" To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoMyNewCert To sTemp1
Showln sTemp1
Showln "Failed."
Procedure_Return
End
Showln "Success."
End_Procedure
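The OpenSSL/curl sequence quoted in the header comment, rehearsed offline as an added shell example (this is not code from the Chilkat page). It assumes openssl is on PATH and a writable temporary directory. The certificate being renewed is a constructed self-signed stand-in, the EST response body is constructed locally as base64 PKCS#7, and the live POST is isolated in post_csr_to_est, which reuses the data/ paths from the page and is defined but not executed. What the example adds over the comment: the CSR subject is copied from the existing certificate rather than typed by hand, the CSR self-signature and the Subject DN match are checked before anything is sent, and the decoded response is checked against the certificate it should contain.

```shell
#!/bin/sh
# Added example, not part of the Chilkat page. Assumes: openssl on PATH, writable $TMPDIR.
set -eu

WORK="${TMPDIR:-/tmp}/est-renew-demo.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

# Constructed stand-in for the certificate being renewed. In production this is the
# certificate the EST profile issued earlier; self-signed here so the demo runs offline.
make_original_cert() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/old.key.pem" 2>/dev/null
  openssl req -new -x509 -sha256 -days 30 -key "$WORK/old.key.pem" \
    -subj "/CN=mysubdomain.mydomain.com/O=Example Corp" -out "$WORK/old.pem" 2>/dev/null
}

# Subject DNs in RFC 2253 form so two DNs can be compared as strings.
subject_of_cert() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }
subject_of_csr()  { openssl req  -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }

# Steps 1-2: fresh prime256v1 key and a CSR whose Subject DN is copied from the
# certificate being renewed (the "same Subject DN" rule). The compat name format is
# the "/type=value" syntax that -subj expects. Prints the CSR path on success.
make_renewal_csr() {
  old_cert="$1"
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/new.key.pem" 2>/dev/null
  subj=$(openssl x509 -in "$old_cert" -noout -subject -nameopt compat | sed 's/^subject= *//')
  openssl req -new -sha256 -key "$WORK/new.key.pem" -subj "$subj" -out "$WORK/new.p10.csr" 2>/dev/null
  # Refuse to send a CSR whose self-signature fails or whose DN drifted from the original.
  openssl req -in "$WORK/new.p10.csr" -noout -verify >/dev/null 2>&1 || return 1
  [ "$(subject_of_csr "$WORK/new.p10.csr")" = "$(subject_of_cert "$old_cert")" ] || return 1
  echo "$WORK/new.p10.csr"
}

# Step 3: the live call from the header comment (not run here: needs the real EST endpoint
# and a still-valid client certificate). EST authorises a reenroll through TLS client auth
# with the EXISTING certificate; --cacert makes curl verify the EST server; --fail turns an
# HTTP error status into a non-zero exit so a failed renewal cannot be mistaken for a cert.
post_csr_to_est() {
  curl -sS --fail --cacert data/ca.pem \
    --cert data/myTlsClientCert.pem --key data/myTlsClientCert.key.pem \
    --data-binary @"$1" -H "Content-Type: application/pkcs10" -o "$2" \
    https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll
}

# Constructed stand-in for the EST response body: base64 of a PKCS#7 certs-only structure.
simulate_est_response() {
  openssl crl2pkcs7 -nocrl -certfile "$1" -outform DER | openssl base64 > "$2"
}

# Step 4: base64 -> DER PKCS#7 -> PEM certificate(s), exactly the page's openssl step.
# openssl base64 -d expects line-wrapped input; add -A if a server returns one long line.
extract_cert_from_response() {
  openssl base64 -d -in "$1" | openssl pkcs7 -inform DER -outform PEM -print_certs -out "$2"
}

fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# End-to-end rehearsal; returns non-zero if any check fails.
demo() {
  make_original_cert
  csr=$(make_renewal_csr "$WORK/old.pem")
  # Offline stand-in for: post_csr_to_est "$csr" "$WORK/resp.p7.b64"
  simulate_est_response "$WORK/old.pem" "$WORK/resp.p7.b64"
  extract_cert_from_response "$WORK/resp.p7.b64" "$WORK/renewed.pem"
  [ "$(fingerprint "$WORK/renewed.pem")" = "$(fingerprint "$WORK/old.pem")" ] || return 1
  [ "$(subject_of_cert "$WORK/renewed.pem")" = "$(subject_of_csr "$csr")" ] || return 1
  echo "renewal rehearsal OK: $(subject_of_cert "$WORK/renewed.pem")"
}

demo
```

In a real run, replace the simulate_est_response line in demo with the post_csr_to_est call and keep the fingerprint check meaningful by comparing the returned certificate's public key to new.key.pem (openssl x509 -pubkey against openssl pkey -pubout) rather than to the old certificate; the Subject DN check stays as written.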