(Delphi ActiveX) Renew a DigiCert Certificate from an EST-enabled profile. Demonstrates how to renew a certificate from an EST-enabled profile in DigiCert® Trust Lifecycle Manager. (The certificate must be within the renewal window configured in the certificate profile. The CSR must have the same Subject DN values as the original certificate.) Note: This example requires Chilkat v11.0.0 or greater.
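uses
  Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes,
  Vcl.Graphics, Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB;

...

// Renews a certificate from a DigiCert Trust Lifecycle Manager EST-enabled profile:
// generates a fresh prime256v1 key, builds a CSR carrying the Subject of the
// certificate being renewed, POSTs it to the EST "simplereenroll" endpoint while
// authenticating with the existing certificate as TLS client certificate, and
// saves the returned certificate.
//
// Progress and errors are written to Memo1; every failed step exits early.
// Every Chilkat call that reports success is checked (the original example
// ignored the results of AddEntropy, SavePkcs8EncryptedPemFile, WriteFile and
// SetSslClientCert, so a failed key backup or a missing client certificate went
// unnoticed).
//
// Requires Chilkat v11.0.0 or greater, and the Chilkat API must have been
// previously unlocked (see the Global Unlock Sample).
procedure TForm1.Button1Click(Sender: TObject);
const
  // Passphrase protecting the saved PKCS#8 private key. This is a placeholder
  // for the example; supply a real passphrase (or obtain it from secure
  // storage) before use.
  PrivKeyPassword = 'password';
  // Where the generated key, CSR and renewed certificate are written.
  OutputDir = 'c:/temp/qa_output/';
  // EST simple re-enrollment endpoint of the DigiCert demo profile.
  EstReenrollUrl = 'https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll';
var
  fortuna: TChilkatPrng;
  entropy: WideString;
  success: Integer;
  ec: TChilkatEcc;
  privKey: TPrivateKey;
  csr: TChilkatCsr;
  bdCsr: TChilkatBinData;
  http: TChilkatHttp;
  tlsClientCert: TChilkatCert;
  bdTlsClientCertPrivKey: TChilkatBinData;
  tlsClientCertPrivKey: TPrivateKey;
  resp: TChilkatHttpResponse;
  myNewCert: TChilkatCert;
begin
  // The code below duplicates the following OpenSSL / curl pipeline
  // (argument 1 is the certificate name):
  //
  //   # Make new key
  //   openssl ecparam -name prime256v1 -genkey -noout -out ${1}.key.pem
  //
  //   # Make csr
  //   openssl req -new -sha256 -key ${1}.key.pem -out ${1}.p10.csr -subj "/CN=${1}"
  //
  //   # Request new cert
  //   curl -v --cacert data/ca.pem --cert data/${1}.pem --key data/${1}.key.pem
  //        --data-binary @${1}.p10.csr -o ${1}.p7.b64 -H "Content-Type: application/pkcs10"
  //        https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll
  //
  //   # Convert to PEM
  //   openssl base64 -d -in ${1}.p7.b64 | openssl pkcs7 -inform DER -outform PEM -print_certs -out ${1}.pem
  // ------------------------------------------------------------------------------------------------------------------

  // ---- 1. Seed a Fortuna PRNG with system entropy. It is the randomness
  //         source for the new ECC private key, so a failed seeding must not
  //         be ignored.
  fortuna := TChilkatPrng.Create(Self);
  entropy := fortuna.GetEntropy(32, 'base64');
  if entropy = '' then
  begin
    Memo1.Lines.Add('Failed to obtain system entropy: ' + fortuna.LastErrorText);
    Exit;
  end;
  success := fortuna.AddEntropy(entropy, 'base64');
  if success = 0 then
  begin
    Memo1.Lines.Add(fortuna.LastErrorText);
    Exit;
  end;

  // ---- 2. Generate a random EC private key on the prime256v1 curve.
  ec := TChilkatEcc.Create(Self);
  privKey := TPrivateKey.Create(Self);
  success := ec.GenKey('prime256v1', fortuna.ControlInterface, privKey.ControlInterface);
  if success = 0 then
  begin
    Memo1.Lines.Add(ec.LastErrorText);
    Exit;
  end;

  // ---- 3. Build the CSR signed with the new private key.
  csr := TChilkatCsr.Create(Self);
  // Specify your CN. For an EST re-enrollment the Subject DN must match the
  // certificate being renewed.
  csr.CommonName := 'mysubdomain.mydomain.com';
  bdCsr := TChilkatBinData.Create(Self);
  success := csr.GenCsrBd(privKey.ControlInterface, bdCsr.ControlInterface);
  if success = 0 then
  begin
    Memo1.Lines.Add(csr.LastErrorText);
    Exit;
  end;

  // ---- 4. Persist the private key (encrypted PKCS#8) and the CSR.
  //         Both writes are checked: losing the key makes the renewed
  //         certificate unusable.
  success := privKey.SavePkcs8EncryptedPemFile(PrivKeyPassword, OutputDir + 'ec_privkey.pem');
  if success = 0 then
  begin
    Memo1.Lines.Add(privKey.LastErrorText);
    Exit;
  end;
  // bdCsr holds the CSR bytes exactly as GenCsrBd produced them (they are
  // POSTed below as application/pkcs10); the file name is kept from the
  // original example.
  success := bdCsr.WriteFile(OutputDir + 'csr.pem');
  if success = 0 then
  begin
    Memo1.Lines.Add(bdCsr.LastErrorText);
    Exit;
  end;

  // ---- 5. Load the existing certificate and its key; they authenticate this
  //         client to the EST server (curl's --cert / --key).
  http := TChilkatHttp.Create(Self);
  tlsClientCert := TChilkatCert.Create(Self);
  success := tlsClientCert.LoadFromFile('data/myTlsClientCert.pem');
  if success = 0 then
  begin
    Memo1.Lines.Add(tlsClientCert.LastErrorText);
    Exit;
  end;

  bdTlsClientCertPrivKey := TChilkatBinData.Create(Self);
  success := bdTlsClientCertPrivKey.LoadFile('data/myTlsClientCert.key.pem');
  if success = 0 then
  begin
    Memo1.Lines.Add('Failed to load data/myTlsClientCert.key.pem');
    Exit;
  end;

  tlsClientCertPrivKey := TPrivateKey.Create(Self);
  success := tlsClientCertPrivKey.LoadAnyFormat(bdTlsClientCertPrivKey.ControlInterface, '');
  if success = 0 then
  begin
    Memo1.Lines.Add(tlsClientCertPrivKey.LastErrorText);
    Exit;
  end;

  success := tlsClientCert.SetPrivateKey(tlsClientCertPrivKey.ControlInterface);
  if success = 0 then
  begin
    Memo1.Lines.Add(tlsClientCert.LastErrorText);
    Exit;
  end;

  success := http.SetSslClientCert(tlsClientCert.ControlInterface);
  if success = 0 then
  begin
    Memo1.Lines.Add(http.LastErrorText);
    Exit;
  end;

  // Reject the EST server unless its certificate verifies. This is the
  // counterpart of curl's --cacert and must stay enabled: the response body
  // is installed as the client's new identity certificate, so it must only
  // be accepted from the genuine server.
  http.RequireSslCertVerify := 1;

  // ---- 6. POST the CSR (request body = the raw CSR bytes) and get the new
  //         certificate.
  resp := TChilkatHttpResponse.Create(Self);
  success := http.HttpBd('POST', EstReenrollUrl, bdCsr.ControlInterface, 'application/pkcs10', resp.ControlInterface);
  if success = 0 then
  begin
    Memo1.Lines.Add(http.LastErrorText);
    Exit;
  end;

  if resp.StatusCode <> 200 then
  begin
    Memo1.Lines.Add('response status code = ' + IntToStr(resp.StatusCode));
    Memo1.Lines.Add(resp.BodyStr);
    Memo1.Lines.Add('Failed');
    Exit;
  end;

  // ---- 7. Load and save the renewed certificate.
  // The response body is Base64. The OpenSSL pipeline above treats it as a
  // Base64 PKCS#7 container ("openssl pkcs7 ... -print_certs"), while the
  // original example describes it as the Base64 DER of the certificate.
  // NOTE(review): confirm LoadFromBase64 accepts the container form returned
  // by this endpoint; the error branch prints the body to help diagnose.
  myNewCert := TChilkatCert.Create(Self);
  success := myNewCert.LoadFromBase64(resp.BodyStr);
  if success = 0 then
  begin
    Memo1.Lines.Add(myNewCert.LastErrorText);
    Memo1.Lines.Add('Cert data = ' + resp.BodyStr);
    Memo1.Lines.Add('Failed.');
    Exit;
  end;

  success := myNewCert.SaveToFile(OutputDir + 'myNewCert.cer');
  if success = 0 then
  begin
    Memo1.Lines.Add(myNewCert.LastErrorText);
    Memo1.Lines.Add('Failed.');
    Exit;
  end;

  Memo1.Lines.Add('Success.');
end;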