|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Lianja) Renew a DigiCert Certificate from an EST-enabled profileDemonstrates how to renew a certificate from an EST-enabled profile in DigiCert® Trust Lifecycle Manager. (The certificate must be within the renewal window configured in the certificate profile. The CSR must have same Subject DN values as the original certificate.)
// This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // The example below duplicates the following OpenSSL commands: // // # Name of certificate as argument 1 // // # Make new key // openssl ecparam -name prime256v1 -genkey -noout -out ${1}.key.pem // // # Make csr // openssl req -new -sha256 -key ${1}.key.pem -out ${1}.p10.csr -subj "/CN=${1}" // // # Request new cert // curl -v --cacert data/ca.pem --cert data/${1}.pem --key data/${1}.key.pem // --data-binary @${1}.p10.csr -o ${1}.p7.b64 -H "Content-Type: application/pkcs10" https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll // // # Convert to PEM // openssl base64 -d -in ${1}.p7.b64 | openssl pkcs7 -inform DER -outform PEM -print_certs -out ${1}.pem // ------------------------------------------------------------------------------------------------------------------ // Create a Fortuna PRNG and seed it with system entropy. // This will be our source of random data for generating the ECC private key. loFortuna = createobject("CkPrng") lcEntropy = loFortuna.GetEntropy(32,"base64") llSuccess = loFortuna.AddEntropy(lcEntropy,"base64") loEc = createobject("CkEcc") // Generate a random EC private key on the prime256v1 curve. loPrivKey = loEc.GenEccKey("prime256v1",loFortuna) if (loEc.LastMethodSuccess <> .T.) then ? loEc.LastErrorText release loFortuna release loEc return endif // Create the CSR object and set properties. loCsr = createobject("CkCsr") // Specify your CN loCsr.CommonName = "mysubdomain.mydomain.com" // Create the CSR using the private key. loBdCsr = createobject("CkBinData") llSuccess = loCsr.GenCsrBd(loPrivKey,loBdCsr) if (llSuccess = .F.) then ? loCsr.LastErrorText release loPrivKey release loFortuna release loEc release loCsr release loBdCsr return endif // Save the private key and CSR to files. loPrivKey.SavePkcs8EncryptedPemFile("password","c:/temp/qa_output/ec_privkey.pem") release loPrivKey loBdCsr.WriteFile("c:/temp/qa_output/csr.pem") // ---------------------------------------------------------------------- // Now do the CURL request to POST the CSR and get the new certificate. loHttp = createobject("CkHttp") loTlsClientCert = createobject("CkCert") llSuccess = loTlsClientCert.LoadFromFile("data/myTlsClientCert.pem") if (llSuccess = .F.) then ? loTlsClientCert.LastErrorText release loFortuna release loEc release loCsr release loBdCsr release loHttp release loTlsClientCert return endif loBdTlsClientCertPrivKey = createobject("CkBinData") llSuccess = loBdTlsClientCertPrivKey.LoadFile("data/myTlsClientCert.key.pem") if (llSuccess = .F.) then ? "Failed to load data/myTlsClientCert.key.pem" release loFortuna release loEc release loCsr release loBdCsr release loHttp release loTlsClientCert release loBdTlsClientCertPrivKey return endif loTlsClientCertPrivKey = createobject("CkPrivateKey") llSuccess = loTlsClientCertPrivKey.LoadAnyFormat(loBdTlsClientCertPrivKey,"") if (llSuccess = .F.) then ? loTlsClientCertPrivKey.LastErrorText release loFortuna release loEc release loCsr release loBdCsr release loHttp release loTlsClientCert release loBdTlsClientCertPrivKey release loTlsClientCertPrivKey return endif llSuccess = loTlsClientCert.SetPrivateKey(loTlsClientCertPrivKey) if (llSuccess = .F.) then ? loTlsClientCert.LastErrorText release loFortuna release loEc release loCsr release loBdCsr release loHttp release loTlsClientCert release loBdTlsClientCertPrivKey release loTlsClientCertPrivKey return endif loHttp.SetSslClientCert(loTlsClientCert) loHttp.RequireSslCertVerify = .T. // The body of the HTTP request contains the binary CSR. loResp = loHttp.PBinaryBd("POST","https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll",loBdCsr,"application/pkcs10",.F.,.F.) if (loHttp.LastMethodSuccess = .F.) then ? loHttp.LastErrorText release loFortuna release loEc release loCsr release loBdCsr release loHttp release loTlsClientCert release loBdTlsClientCertPrivKey release loTlsClientCertPrivKey return endif if (loResp.StatusCode <> 200) then ? "response status code = " + str(loResp.StatusCode) ? loResp.BodyStr ? "Failed" release loResp release loFortuna release loEc release loCsr release loBdCsr release loHttp release loTlsClientCert release loBdTlsClientCertPrivKey release loTlsClientCertPrivKey return endif // The response is the Base64 DER of the new certificate. loMyNewCert = createobject("CkCert") llSuccess = loMyNewCert.LoadFromBase64(loResp.BodyStr) if (llSuccess = .F.) then ? loMyNewCert.LastErrorText ? "Cert data = " + loResp.BodyStr ? "Failed." release loResp release loFortuna release loEc release loCsr release loBdCsr release loHttp release loTlsClientCert release loBdTlsClientCertPrivKey release loTlsClientCertPrivKey release loMyNewCert return endif release loResp llSuccess = loMyNewCert.SaveToFile("c:/temp/qa_output/myNewCert.cer") if (llSuccess = .F.) then ? loMyNewCert.LastErrorText ? "Failed." release loFortuna release loEc release loCsr release loBdCsr release loHttp release loTlsClientCert release loBdTlsClientCertPrivKey release loTlsClientCertPrivKey release loMyNewCert return endif ? "Success." release loFortuna release loEc release loCsr release loBdCsr release loHttp release loTlsClientCert release loBdTlsClientCertPrivKey release loTlsClientCertPrivKey release loMyNewCert |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.