Sample code for 30+ languages & platforms
Objective-C

Generate a CSR with SAN (Subject Alternative Name) Extension

See more CSR Examples

Demonstrates how to generate a private key and a Certificate Signing Request (CSR) that includes the SAN extension.

Chilkat Objective-C Downloads

Objective-C
#import <CkoRsa.h>
#import <CkoPrivateKey.h>
#import <CkoCsr.h>
#import <NSString.h>
#import <CkoFileAccess.h>

BOOL success = NO;

// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// First generate an RSA private key.
// (It is also possible to create CSRs based on ECDSA private keys..)
CkoRsa *rsa = [[CkoRsa alloc] init];

// Generate a random 2048-bit RSA key.
CkoPrivateKey *privKey = [[CkoPrivateKey alloc] init];
success = [rsa GenKey: [NSNumber numberWithInt: 2048] privKey: privKey];
if (success == NO) {
    NSLog(@"%@",rsa.LastErrorText);
    return;
}

// Create the CSR object and set properties.
CkoCsr *csr = [[CkoCsr alloc] init];

// Specify the Common Name. 
csr.CommonName = @"mysubdomain.mydomain.com";

// Country Name (2 letter code)
csr.Country = @"GB";

// State or Province Name (full name)
csr.State = @"Yorks";

// Locality Name (eg, city)
csr.Locality = @"York";

// Organization Name (eg, company)
csr.Company = @"Internet Widgits Pty Ltd";

// Organizational Unit Name (eg, secion/division)
csr.CompanyDivision = @"IT";

// Email address
csr.EmailAddress = @"support@mydomain.com";

// Add Subject Alternative Names
// (The AddSan method is added in Chilkat v9.5.0.84)
// Call AddSan for each alternative name.
success = [csr AddSan: @"dnsName" sanValue: @"mydomain.com"];
success = [csr AddSan: @"dnsName" sanValue: @"mysubdomain.mydomain.com"];
success = [csr AddSan: @"ipAddress" sanValue: @"192.168.0.123"];

// Create the CSR using the private key.
NSString *pemStr = [csr GenCsrPem: privKey];
if (csr.LastMethodSuccess != YES) {
    NSLog(@"%@",csr.LastErrorText);
    return;
}

// Save the private key and CSR to a files.
[privKey SavePkcs8EncryptedPemFile: @"password" path: @"qa_output/privKey1.pem"];

CkoFileAccess *fac = [[CkoFileAccess alloc] init];
[fac WriteEntireTextFile: @"qa_output/csr1.pem" fileData: pemStr charset: @"utf-8" includePreamble: NO];

// Show the CSR.
NSLog(@"%@",pemStr);

// Sample output:

// 	-----BEGIN CERTIFICATE REQUEST-----
// 	MIIC6jCCAdICAQAwgaQxITAfBgNVBAMMGG15c3ViZG9tYWluLm15ZG9tYWluLmNv
// 	bTELMAkGA1UEBhMCR0IxDjAMBgNVBAgMBVlvcmtzMQ0wCwYDVQQHDARZb3JrMSEw
// 	HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxCzAJBgNVBAsMAklUMSMw
// 	IQYJKoZIhvcNAQkBFhRzdXBwb3J0QG15ZG9tYWluLmNvbTCCASIwDQYJKoZIhvcN
// 	AQEBBQADggEPADCCAQoCggEBALnQ0un/wF8whk+gPuiAlf3qvx14jgAOV6Erm6EB
// 	H7WACPCpnKcm/8KP+7uoPiwRQaENhMeCgf45vcivl2p6aAn/spLXyEkXyw2d8wFb
// 	YYAGRkiz4Xf7ASJiKuwcOtORz+sSDzgtdfokHfXU1cYeFE2yQhSdLUY5fMn425+g
// 	KoEEsRSjSDe6AKru4+4iGNrLKd8pB9IA5/jOE139IkWlB9r5fEPD5bUTsgqXk9eb
// 	68O0gc712V2eZK07N24lDmFC4bIMTD4csDWocR5hFHXj7NX7c8sOBDcpEb9mPIk4
// 	elxubnhkfnjhOi4J3lDHcT/0ALnbLhf9LnaiKqs+5VcVZvECAwEAAaAAMA0GCSqG
// 	SIb3DQEBBQUAA4IBAQC0AETLIcP3foh5nbu2hVFS8uCUNZ5hEIR1eXmYZmZoBQq2
// 	26ZAoT4CZwixlggC+n7WvAXJ5Pzxpl4wLV4loTiQzaKPX1w0ERo5ZRwLy0n56oG2
// 	6QG+WTViT1C8rlgtVwkCFNOXr0kSSRs8FdaPllqKxK1hxYSL7zwNpumsk39F2cDt
// 	vhcekvH0V3BuGrQFm3dKN/0azW6GOod9+Vq4VzSyOe3kp15oxLBsZOFOu/REujcw
// 	Tzu2jt1asQKUm60CZ9wNHpYepR0Ww40uP1slbehEaFDa6V8b60/tlHHmBbJ4/fy5
// 	hJnYCvjzFz4O9VtT+JtP9ldRHWV3KpZ8ne3AjD+F
// 	-----END CERTIFICATE REQUEST-----