(Visual FoxPro) Generate a CSR with keyUsage, extKeyUsage, and other Extensions

See more CSR Examples

Demonstrates how to generate a CSR containing a 1.2.840.113549.1.9.14 extensionRequest with the following extensions:

• 1.3.6.1.4.1.311.20.2 enrollCerttypeExtension
• 2.5.29.15 keyUsage
• 2.5.29.37 extKeyUsage
• 2.5.29.14 subjectKeyIdentifier

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

LOCAL loEcc
LOCAL loPrng
LOCAL loPrivKey
LOCAL loCsr
LOCAL s
LOCAL loBdTemp
LOCAL lcS_base64_utf16be
LOCAL loXml
LOCAL loPubKey
LOCAL loBdPubKeyDer
LOCAL lcSki
LOCAL lcCsrPem

* This requires the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.

* This example will generate a secp256r1 ECDSA key for the CSR.
* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.Ecc')
loEcc = CreateObject('Chilkat.Ecc')
* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.Prng')
loPrng = CreateObject('Chilkat.Prng')

loPrivKey = loEcc.GenEccKey("secp256r1",loPrng)
IF (loEcc.LastMethodSuccess = 0) THEN
    ? "Failed to generate a new ECDSA private key."
    RELEASE loEcc
    RELEASE loPrng
    CANCEL
ENDIF

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.Csr')
loCsr = CreateObject('Chilkat.Csr')

* Add common CSR fields:
loCsr.CommonName = "mysubdomain.mydomain.com"
loCsr.Country = "GB"
loCsr.State = "Yorks"
loCsr.Locality = "York"
loCsr.Company = "Internet Widgits Pty Ltd"
loCsr.EmailAddress = "support@mydomain.com"

* Add the following 1.2.840.113549.1.9.14 extensionRequest
* Note: The easiest way to know the content and format of the XML to be added is to examine
* a pre-existing CSR with the same desired extensionRequest.  You can use Chilkat to
* get the extensionRequest from an existing CSR. 

* 
* Here is a sample extension request:

* <?xml version="1.0" encoding="utf-8"?>
* <set>
*     <sequence>
*         <sequence>
*             <oid>1.3.6.1.4.1.311.20.2</oid>
*             <asnOctets>
*                 <universal tag="30" constructed="0">AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABl
* AF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx</universal>
*             </asnOctets>
*         </sequence>
*         <sequence>
*             <oid>2.5.29.15</oid>
*             <bool>1</bool>
*             <asnOctets>
*                 <bits n="3">A0</bits>
*             </asnOctets>
*         </sequence>
*         <sequence>
*             <oid>2.5.29.37</oid>
*             <asnOctets>
*                 <sequence>
*                     <oid>1.3.6.1.5.5.7.3.3</oid>
*                 </sequence>
*             </asnOctets>
*         </sequence>
*         <sequence>
*             <oid>2.5.29.14</oid>
*             <asnOctets>
*                 <octets>MCzBMQAViXBz8IDt8LsgmJxJ4Xg=</octets>
*             </asnOctets>
*         </sequence>
*     </sequence>
* </set>

* Use this online tool to generate code from sample XML: 
* Generate Code to Create XML

* A few notes:
* The string "AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABlAF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx"
* is the base64 encoding of the utf-16be byte representation of the string "EndEntityClientAuthCertificate_CSRPassthrough/V1"

s = "EndEntityClientAuthCertificate_CSRPassthrough/V1"
* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.BinData')
loBdTemp = CreateObject('Chilkat.BinData')
loBdTemp.AppendString(s,"utf-16be")
lcS_base64_utf16be = loBdTemp.GetEncoded("base64")
* The string should be "AEUA....."
? lcS_base64_utf16be

* Here's the code to generate the above extension request.

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.Xml')
loXml = CreateObject('Chilkat.Xml')
loXml.Tag = "set"
loXml.UpdateChildContent("sequence|sequence|oid","1.3.6.1.4.1.311.20.2")
loXml.UpdateAttrAt("sequence|sequence|asnOctets|universal",1,"tag","30")
loXml.UpdateAttrAt("sequence|sequence|asnOctets|universal",1,"constructed","0")
loXml.UpdateChildContent("sequence|sequence|asnOctets|universal",lcS_base64_utf16be)
loXml.UpdateChildContent("sequence|sequence[1]|oid","2.5.29.15")
loXml.UpdateChildContent("sequence|sequence[1]|bool","1")
loXml.UpdateAttrAt("sequence|sequence[1]|asnOctets|bits",1,"n","3")
* A0 is hex for decimal 160.
loXml.UpdateChildContent("sequence|sequence[1]|asnOctets|bits","A0")
loXml.UpdateChildContent("sequence|sequence[2]|oid","2.5.29.37")
loXml.UpdateChildContent("sequence|sequence[2]|asnOctets|sequence|oid","1.3.6.1.5.5.7.3.3")

* This is the subjectKeyIdentifier extension.
* The string "MCzBMQAViXBz8IDt8LsgmJxJ4Xg=" is base64 that decodes to 20 bytes, which is a SHA1 hash.
* This is simply a hash of the DER of the public key.

loPubKey = loPrivKey.GetPublicKey()
* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.BinData')
loBdPubKeyDer = CreateObject('Chilkat.BinData')
loBdPubKeyDer.AppendEncoded(loPubKey.GetEncoded(1,"base64"),"base64")
lcSki = loBdPubKeyDer.GetHash("sha1","base64")
RELEASE loPubKey

loXml.UpdateChildContent("sequence|sequence[3]|oid","2.5.29.14")
loXml.UpdateChildContent("sequence|sequence[3]|asnOctets|octets",lcSki)

* Add the extension request to the CSR
loCsr.SetExtensionRequest(loXml)

* Generate the CSR with the extension request
lcCsrPem = loCsr.GenCsrPem(loPrivKey)
IF (loCsr.LastMethodSuccess = 0) THEN
    ? loCsr.LastErrorText
    RELEASE loPrivKey
    RELEASE loEcc
    RELEASE loPrng
    RELEASE loCsr
    RELEASE loBdTemp
    RELEASE loXml
    RELEASE loBdPubKeyDer
    CANCEL
ENDIF

? lcCsrPem

RELEASE loPrivKey

RELEASE loEcc
RELEASE loPrng
RELEASE loCsr
RELEASE loBdTemp
RELEASE loXml
RELEASE loBdPubKeyDer