|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(PHP ActiveX) Generate a CSR with keyUsage, extKeyUsage, and other ExtensionsSee more CSR ExamplesDemonstrates how to generate a CSR containing a 1.2.840.113549.1.9.14 extensionRequest with the following extensions:
<?php // This requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // This example will generate a secp256r1 ECDSA key for the CSR. // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Ecc') $ecc = new COM("Chilkat.Ecc"); // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Prng') $prng = new COM("Chilkat.Prng"); // privKey is a Chilkat.PrivateKey $privKey = $ecc->GenEccKey('secp256r1',$prng); if ($ecc->LastMethodSuccess == 0) { print 'Failed to generate a new ECDSA private key.' . "\n"; exit; } // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Csr') $csr = new COM("Chilkat.Csr"); // Add common CSR fields: $csr->CommonName = 'mysubdomain.mydomain.com'; $csr->Country = 'GB'; $csr->State = 'Yorks'; $csr->Locality = 'York'; $csr->Company = 'Internet Widgits Pty Ltd'; $csr->EmailAddress = 'support@mydomain.com'; // Add the following 1.2.840.113549.1.9.14 extensionRequest // Note: The easiest way to know the content and format of the XML to be added is to examine // a pre-existing CSR with the same desired extensionRequest. You can use Chilkat to // get the extensionRequest from an existing CSR. // // Here is a sample extension request: // <?xml version="1.0" encoding="utf-8"?> // <set> // <sequence> // <sequence> // <oid>1.3.6.1.4.1.311.20.2</oid> // <asnOctets> // <universal tag="30" constructed="0">AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABl // AF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx</universal> // </asnOctets> // </sequence> // <sequence> // <oid>2.5.29.15</oid> // <bool>1</bool> // <asnOctets> // <bits n="3">A0</bits> // </asnOctets> // </sequence> // <sequence> // <oid>2.5.29.37</oid> // <asnOctets> // <sequence> // <oid>1.3.6.1.5.5.7.3.3</oid> // </sequence> // </asnOctets> // </sequence> // <sequence> // <oid>2.5.29.14</oid> // <asnOctets> // <octets>MCzBMQAViXBz8IDt8LsgmJxJ4Xg=</octets> // </asnOctets> // </sequence> // </sequence> // </set> // Use this online tool to generate code from sample XML: // Generate Code to Create XML // A few notes: // The string "AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABlAF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx" // is the base64 encoding of the utf-16be byte representation of the string "EndEntityClientAuthCertificate_CSRPassthrough/V1" $s = 'EndEntityClientAuthCertificate_CSRPassthrough/V1'; // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.BinData') $bdTemp = new COM("Chilkat.BinData"); $bdTemp->AppendString($s,'utf-16be'); $s_base64_utf16be = $bdTemp->getEncoded('base64'); // The string should be "AEUA....." print $s_base64_utf16be . "\n"; // Here's the code to generate the above extension request. // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Xml') $xml = new COM("Chilkat.Xml"); $xml->Tag = 'set'; $xml->UpdateChildContent('sequence|sequence|oid','1.3.6.1.4.1.311.20.2'); $xml->UpdateAttrAt('sequence|sequence|asnOctets|universal',1,'tag','30'); $xml->UpdateAttrAt('sequence|sequence|asnOctets|universal',1,'constructed','0'); $xml->UpdateChildContent('sequence|sequence|asnOctets|universal',$s_base64_utf16be); $xml->UpdateChildContent('sequence|sequence[1]|oid','2.5.29.15'); $xml->UpdateChildContent('sequence|sequence[1]|bool','1'); $xml->UpdateAttrAt('sequence|sequence[1]|asnOctets|bits',1,'n','3'); // A0 is hex for decimal 160. $xml->UpdateChildContent('sequence|sequence[1]|asnOctets|bits','A0'); $xml->UpdateChildContent('sequence|sequence[2]|oid','2.5.29.37'); $xml->UpdateChildContent('sequence|sequence[2]|asnOctets|sequence|oid','1.3.6.1.5.5.7.3.3'); // This is the subjectKeyIdentifier extension. // The string "MCzBMQAViXBz8IDt8LsgmJxJ4Xg=" is base64 that decodes to 20 bytes, which is a SHA1 hash. // This is simply a hash of the DER of the public key. // pubKey is a Chilkat.PublicKey $pubKey = $privKey->GetPublicKey(); // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.BinData') $bdPubKeyDer = new COM("Chilkat.BinData"); $bdPubKeyDer->AppendEncoded($pubKey->getEncoded(1,'base64'),'base64'); $ski = $bdPubKeyDer->getHash('sha1','base64'); $xml->UpdateChildContent('sequence|sequence[3]|oid','2.5.29.14'); $xml->UpdateChildContent('sequence|sequence[3]|asnOctets|octets',$ski); // Add the extension request to the CSR $csr->SetExtensionRequest($xml); // Generate the CSR with the extension request $csrPem = $csr->genCsrPem($privKey); if ($csr->LastMethodSuccess == 0) { print $csr->LastErrorText . "\n"; exit; } print $csrPem . "\n"; ?> |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.