Lianja
Lianja
Duplicate openssl req -newkey rsa:2048 -nodes -keyout mydomain.pem -out mydomain.csr
See more OpenSSL Examples
Demonstrates how to duplicate this OpenSSL command:openssl req -newkey rsa:2048 -nodes -keyout mydomain.pem -out mydomain.csr
This command creates 2 files:
- mydomain.csr: this is the file to send to DigiCert or Let's Encrypt (or any other CA)
- mydomain.pem: this is the private key of the domain.
The second file is needed to pair with the certificate that will later be received from the CA.
Chilkat Lianja Downloads
llSuccess = .F.
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
loRsa = createobject("CkRsa")
// Generate a 2048-bit key. Chilkat RSA supports
// key sizes ranging from 512 bits to 8192 bits.
loPrivKey = createobject("CkPrivateKey")
llSuccess = loRsa.GenKey(2048,loPrivKey)
if (llSuccess = .F.) then
? loRsa.LastErrorText
release loRsa
release loPrivKey
return
endif
loRsa.UsePrivateKey(loPrivKey)
// Save the private key to unencrypted PKCS8 PEM
llSuccess = loPrivKey.SavePkcs8PemFile("mydomain.pem")
// (alternatively) Save the private key to encrypted PKCS8 PEM
llSuccess = loPrivKey.SavePkcs8EncryptedPemFile("myPassword","mydomain_enc.pem")
// We'll need the private key's modulus for the CSR.
// The modulus is not something that needs to be protected. Most people don't realize
// that a public key is actually just a subset of the private key. The public parts of
// an RSA private key are the modulus and exponent. The exponent is always 65537.
loPrivKeyXml = createobject("CkXml")
llSuccess = loPrivKeyXml.LoadXml(loPrivKey.GetXml())
// Get the modulus in base64 format:
lcKeyModulus = loPrivKeyXml.GetChildContent("Modulus")
// --------------------------------------------------------------------------------
// Now build the CSR using Chilkat's ASN.1 API.
// The keyModulus will be embedded within the ASN.1.
// A new ASN.1 object is automatically a SEQUENCE.
// Given that the CSR's root item is a SEQUENCE, we can use
// this as the root of our CSR.
loAsnRoot = createobject("CkAsn")
// Beneath the root, we have a SEQUENCE (the certificate request info),
// another SEQUENCE (the algorithm identifier), and a BITSTRING (the signature data)
llSuccess = loAsnRoot.AppendSequence()
llSuccess = loAsnRoot.AppendSequence()
// ----------------------------------
// Build the Certificate Request Info
// ----------------------------------
loAsnCertReqInfo = loAsnRoot.GetSubItem(0)
llSuccess = loAsnCertReqInfo.AppendInt(0)
// Build the Subject part of the Certificate Request Info
loAsnCertSubject = loAsnCertReqInfo.AppendSequenceR()
// Add each subject part..
loAsnTemp = loAsnCertSubject.AppendSetR()
llSuccess = loAsnTemp.AppendSequence2()
// AppendSequence2 updates the internal reference to the newly appended SEQUENCE.
// The OID and printable string are added to the SEQUENCE.
llSuccess = loAsnTemp.AppendOid("2.5.4.6")
llSuccess = loAsnTemp.AppendString("printable","US")
release loAsnTemp
loAsnTemp = loAsnCertSubject.AppendSetR()
llSuccess = loAsnTemp.AppendSequence2()
llSuccess = loAsnTemp.AppendOid("2.5.4.8")
llSuccess = loAsnTemp.AppendString("utf8","Utah")
release loAsnTemp
loAsnTemp = loAsnCertSubject.AppendSetR()
llSuccess = loAsnTemp.AppendSequence2()
llSuccess = loAsnTemp.AppendOid("2.5.4.7")
llSuccess = loAsnTemp.AppendString("utf8","Lindon")
release loAsnTemp
loAsnTemp = loAsnCertSubject.AppendSetR()
llSuccess = loAsnTemp.AppendSequence2()
llSuccess = loAsnTemp.AppendOid("2.5.4.10")
llSuccess = loAsnTemp.AppendString("utf8","DigiCert Inc.")
release loAsnTemp
loAsnTemp = loAsnCertSubject.AppendSetR()
llSuccess = loAsnTemp.AppendSequence2()
llSuccess = loAsnTemp.AppendOid("2.5.4.11")
llSuccess = loAsnTemp.AppendString("utf8","DigiCert")
release loAsnTemp
loAsnTemp = loAsnCertSubject.AppendSetR()
llSuccess = loAsnTemp.AppendSequence2()
llSuccess = loAsnTemp.AppendOid("2.5.4.3")
llSuccess = loAsnTemp.AppendString("utf8","example.digicert.com")
release loAsnTemp
release loAsnCertSubject
// Build the Public Key Info part of the Certificate Request Info
loAsnPubKeyInfo = loAsnCertReqInfo.AppendSequenceR()
loAsnPubKeyAlgId = loAsnPubKeyInfo.AppendSequenceR()
llSuccess = loAsnPubKeyAlgId.AppendOid("1.2.840.113549.1.1.1")
llSuccess = loAsnPubKeyAlgId.AppendNull()
release loAsnPubKeyAlgId
// The public key itself is a BIT STRING, but the bit string is composed of ASN.1
// for the RSA public key. We'll first build the RSA ASN.1 for the public key
// (containing the 2048 bit modulus and exponent), and encoded it to DER, and then add
// the DER bytes as a BIT STRING (as a sub-item of asnPubKeyInfo)
// This is already a SEQUENCE..
loAsnRsaKey = createobject("CkAsn")
// The RSA modulus is a big integer.
llSuccess = loAsnRsaKey.AppendBigInt(lcKeyModulus,"base64")
llSuccess = loAsnRsaKey.AppendInt(65537)
lcRsaKeyDerBase64 = loAsnRsaKey.GetEncodedDer("base64")
// Now add the RSA key DER as a BIT STRING.
llSuccess = loAsnPubKeyInfo.AppendBits(lcRsaKeyDerBase64,"base64")
release loAsnPubKeyInfo
// The last part of the certificate request info is an empty context-specific constructed item
// with a tag equal to 0.
llSuccess = loAsnCertReqInfo.AppendContextConstructed(0)
// Get the DER of the asnCertReqInfo.
// This will be signed using the RSA private key.
loBdDer = createobject("CkBinData")
llSuccess = loAsnCertReqInfo.WriteBd(loBdDer)
// Add the signature to the ASN.1
loBdSig = createobject("CkBinData")
llSuccess = loRsa.SignBd(loBdDer,"SHA1",loBdSig)
llSuccess = loAsnRoot.AppendBits(loBdSig.GetEncoded("base64"),"base64")
release loAsnCertReqInfo
// ----------------------------------
// Finally, add the algorithm identifier, which is the 2nd sub-item under the root.
// ----------------------------------
loAsnAlgId = loAsnRoot.GetSubItem(1)
llSuccess = loAsnAlgId.AppendOid("1.2.840.113549.1.1.5")
llSuccess = loAsnAlgId.AppendNull()
release loAsnAlgId
// Write the CSR to a DER encoded binary file:
llSuccess = loAsnRoot.WriteBinaryDer("qa_output/mydomain.csr")
if (llSuccess = .F.) then
? loAsnRoot.LastErrorText
release loRsa
release loPrivKey
release loPrivKeyXml
release loAsnRoot
release loAsnRsaKey
release loBdDer
release loBdSig
return
endif
// It is also possible to get the CSR in base64 format:
lcCsrBase64 = loAsnRoot.GetEncodedDer("base64")
? "Base64 CSR:"
? lcCsrBase64
release loRsa
release loPrivKey
release loPrivKeyXml
release loAsnRoot
release loAsnRsaKey
release loBdDer
release loBdSig