|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Node.js) Renew a DigiCert Certificate from an EST-enabled profileDemonstrates how to renew a certificate from an EST-enabled profile in DigiCert® Trust Lifecycle Manager. (The certificate must be within the renewal window configured in the certificate profile. The CSR must have same Subject DN values as the original certificate.)
var os = require('os'); if (os.platform() == 'win32') { if (os.arch() == 'ia32') { var chilkat = require('@chilkat/ck-node21-win-ia32'); } else { var chilkat = require('@chilkat/ck-node21-win64'); } } else if (os.platform() == 'linux') { if (os.arch() == 'arm') { var chilkat = require('@chilkat/ck-node21-arm'); } else if (os.arch() == 'x86') { var chilkat = require('@chilkat/ck-node21-linux32'); } else { var chilkat = require('@chilkat/ck-node21-linux64'); } } else if (os.platform() == 'darwin') { if (os.arch() == 'arm64') { var chilkat = require('@chilkat/ck-node21-mac-m1'); } else { var chilkat = require('@chilkat/ck-node21-macosx'); } } function chilkatExample() { // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // The example below duplicates the following OpenSSL commands: // // # Name of certificate as argument 1 // // # Make new key // openssl ecparam -name prime256v1 -genkey -noout -out ${1}.key.pem // // # Make csr // openssl req -new -sha256 -key ${1}.key.pem -out ${1}.p10.csr -subj "/CN=${1}" // // # Request new cert // curl -v --cacert data/ca.pem --cert data/${1}.pem --key data/${1}.key.pem // --data-binary @${1}.p10.csr -o ${1}.p7.b64 -H "Content-Type: application/pkcs10" https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll // // # Convert to PEM // openssl base64 -d -in ${1}.p7.b64 | openssl pkcs7 -inform DER -outform PEM -print_certs -out ${1}.pem // ------------------------------------------------------------------------------------------------------------------ // Create a Fortuna PRNG and seed it with system entropy. // This will be our source of random data for generating the ECC private key. var fortuna = new chilkat.Prng(); var entropy = fortuna.GetEntropy(32,"base64"); var success = fortuna.AddEntropy(entropy,"base64"); var ec = new chilkat.Ecc(); // Generate a random EC private key on the prime256v1 curve. // privKey: PrivateKey var privKey = ec.GenEccKey("prime256v1",fortuna); if (ec.LastMethodSuccess !== true) { console.log(ec.LastErrorText); return; } // Create the CSR object and set properties. var csr = new chilkat.Csr(); // Specify your CN csr.CommonName = "mysubdomain.mydomain.com"; // Create the CSR using the private key. var bdCsr = new chilkat.BinData(); success = csr.GenCsrBd(privKey,bdCsr); if (success == false) { console.log(csr.LastErrorText); return; } // Save the private key and CSR to files. privKey.SavePkcs8EncryptedPemFile("password","c:/temp/qa_output/ec_privkey.pem"); bdCsr.WriteFile("c:/temp/qa_output/csr.pem"); // ---------------------------------------------------------------------- // Now do the CURL request to POST the CSR and get the new certificate. var http = new chilkat.Http(); var tlsClientCert = new chilkat.Cert(); success = tlsClientCert.LoadFromFile("data/myTlsClientCert.pem"); if (success == false) { console.log(tlsClientCert.LastErrorText); return; } var bdTlsClientCertPrivKey = new chilkat.BinData(); success = bdTlsClientCertPrivKey.LoadFile("data/myTlsClientCert.key.pem"); if (success == false) { console.log("Failed to load data/myTlsClientCert.key.pem"); return; } var tlsClientCertPrivKey = new chilkat.PrivateKey(); success = tlsClientCertPrivKey.LoadAnyFormat(bdTlsClientCertPrivKey,""); if (success == false) { console.log(tlsClientCertPrivKey.LastErrorText); return; } success = tlsClientCert.SetPrivateKey(tlsClientCertPrivKey); if (success == false) { console.log(tlsClientCert.LastErrorText); return; } http.SetSslClientCert(tlsClientCert); http.RequireSslCertVerify = true; // The body of the HTTP request contains the binary CSR. // resp: HttpResponse var resp = http.PBinaryBd("POST","https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll",bdCsr,"application/pkcs10",false,false); if (http.LastMethodSuccess == false) { console.log(http.LastErrorText); return; } if (resp.StatusCode !== 200) { console.log("response status code = " + resp.StatusCode); console.log(resp.BodyStr); console.log("Failed"); return; } // The response is the Base64 DER of the new certificate. var myNewCert = new chilkat.Cert(); success = myNewCert.LoadFromBase64(resp.BodyStr); if (success == false) { console.log(myNewCert.LastErrorText); console.log("Cert data = " + resp.BodyStr); console.log("Failed."); return; } success = myNewCert.SaveToFile("c:/temp/qa_output/myNewCert.cer"); if (success == false) { console.log(myNewCert.LastErrorText); console.log("Failed."); return; } console.log("Success."); } chilkatExample(); |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.