|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(PHP ActiveX) Renew a DigiCert Certificate from an EST-enabled profileDemonstrates how to renew a certificate from an EST-enabled profile in DigiCert® Trust Lifecycle Manager. (The certificate must be within the renewal window configured in the certificate profile. The CSR must have same Subject DN values as the original certificate.)
<?php // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // The example below duplicates the following OpenSSL commands: // // # Name of certificate as argument 1 // // # Make new key // openssl ecparam -name prime256v1 -genkey -noout -out ${1}.key.pem // // # Make csr // openssl req -new -sha256 -key ${1}.key.pem -out ${1}.p10.csr -subj "/CN=${1}" // // # Request new cert // curl -v --cacert data/ca.pem --cert data/${1}.pem --key data/${1}.key.pem // --data-binary @${1}.p10.csr -o ${1}.p7.b64 -H "Content-Type: application/pkcs10" https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll // // # Convert to PEM // openssl base64 -d -in ${1}.p7.b64 | openssl pkcs7 -inform DER -outform PEM -print_certs -out ${1}.pem // ------------------------------------------------------------------------------------------------------------------ // Create a Fortuna PRNG and seed it with system entropy. // This will be our source of random data for generating the ECC private key. // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Prng') $fortuna = new COM("Chilkat.Prng"); $entropy = $fortuna->getEntropy(32,'base64'); $success = $fortuna->AddEntropy($entropy,'base64'); // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Ecc') $ec = new COM("Chilkat.Ecc"); // Generate a random EC private key on the prime256v1 curve. // privKey is a Chilkat.PrivateKey $privKey = $ec->GenEccKey('prime256v1',$fortuna); if ($ec->LastMethodSuccess != 1) { print $ec->LastErrorText . "\n"; exit; } // Create the CSR object and set properties. // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Csr') $csr = new COM("Chilkat.Csr"); // Specify your CN $csr->CommonName = 'mysubdomain.mydomain.com'; // Create the CSR using the private key. // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.BinData') $bdCsr = new COM("Chilkat.BinData"); $success = $csr->GenCsrBd($privKey,$bdCsr); if ($success == 0) { print $csr->LastErrorText . "\n"; exit; } // Save the private key and CSR to files. $privKey->SavePkcs8EncryptedPemFile('password','c:/temp/qa_output/ec_privkey.pem'); $bdCsr->WriteFile('c:/temp/qa_output/csr.pem'); // ---------------------------------------------------------------------- // Now do the CURL request to POST the CSR and get the new certificate. // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Http') $http = new COM("Chilkat.Http"); // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Cert') $tlsClientCert = new COM("Chilkat.Cert"); $success = $tlsClientCert->LoadFromFile('data/myTlsClientCert.pem'); if ($success == 0) { print $tlsClientCert->LastErrorText . "\n"; exit; } // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.BinData') $bdTlsClientCertPrivKey = new COM("Chilkat.BinData"); $success = $bdTlsClientCertPrivKey->LoadFile('data/myTlsClientCert.key.pem'); if ($success == 0) { print 'Failed to load data/myTlsClientCert.key.pem' . "\n"; exit; } // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.PrivateKey') $tlsClientCertPrivKey = new COM("Chilkat.PrivateKey"); $success = $tlsClientCertPrivKey->LoadAnyFormat($bdTlsClientCertPrivKey,''); if ($success == 0) { print $tlsClientCertPrivKey->LastErrorText . "\n"; exit; } $success = $tlsClientCert->SetPrivateKey($tlsClientCertPrivKey); if ($success == 0) { print $tlsClientCert->LastErrorText . "\n"; exit; } $http->SetSslClientCert($tlsClientCert); $http->RequireSslCertVerify = 1; // The body of the HTTP request contains the binary CSR. // resp is a Chilkat.HttpResponse $resp = $http->PBinaryBd('POST','https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll',$bdCsr,'application/pkcs10',0,0); if ($http->LastMethodSuccess == 0) { print $http->LastErrorText . "\n"; exit; } if ($resp->StatusCode != 200) { print 'response status code = ' . $resp->StatusCode . "\n"; print $resp->BodyStr . "\n"; print 'Failed' . "\n"; exit; } // The response is the Base64 DER of the new certificate. // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Cert') $myNewCert = new COM("Chilkat.Cert"); $success = $myNewCert->LoadFromBase64($resp->BodyStr); if ($success == 0) { print $myNewCert->LastErrorText . "\n"; print 'Cert data = ' . $resp->BodyStr . "\n"; print 'Failed.' . "\n"; exit; } $success = $myNewCert->SaveToFile('c:/temp/qa_output/myNewCert.cer'); if ($success == 0) { print $myNewCert->LastErrorText . "\n"; print 'Failed.' . "\n"; exit; } print 'Success.' . "\n"; ?> |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.