|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(PowerBuilder) Renew a DigiCert Certificate from an EST-enabled profileDemonstrates how to renew a certificate from an EST-enabled profile in DigiCert® Trust Lifecycle Manager. (The certificate must be within the renewal window configured in the certificate profile. The CSR must have same Subject DN values as the original certificate.)
integer li_rc oleobject loo_Fortuna string ls_Entropy integer li_Success oleobject loo_Ec oleobject loo_PrivKey oleobject loo_Csr oleobject loo_BdCsr oleobject loo_Http oleobject loo_TlsClientCert oleobject loo_BdTlsClientCertPrivKey oleobject loo_TlsClientCertPrivKey oleobject loo_Resp oleobject loo_MyNewCert // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // The example below duplicates the following OpenSSL commands: // // # Name of certificate as argument 1 // // # Make new key // openssl ecparam -name prime256v1 -genkey -noout -out ${1}.key.pem // // # Make csr // openssl req -new -sha256 -key ${1}.key.pem -out ${1}.p10.csr -subj "/CN=${1}" // // # Request new cert // curl -v --cacert data/ca.pem --cert data/${1}.pem --key data/${1}.key.pem // --data-binary @${1}.p10.csr -o ${1}.p7.b64 -H "Content-Type: application/pkcs10" https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll // // # Convert to PEM // openssl base64 -d -in ${1}.p7.b64 | openssl pkcs7 -inform DER -outform PEM -print_certs -out ${1}.pem // ------------------------------------------------------------------------------------------------------------------ // Create a Fortuna PRNG and seed it with system entropy. // This will be our source of random data for generating the ECC private key. loo_Fortuna = create oleobject // Use "Chilkat_9_5_0.Prng" for versions of Chilkat < 10.0.0 li_rc = loo_Fortuna.ConnectToNewObject("Chilkat.Prng") if li_rc < 0 then destroy loo_Fortuna MessageBox("Error","Connecting to COM object failed") return end if ls_Entropy = loo_Fortuna.GetEntropy(32,"base64") li_Success = loo_Fortuna.AddEntropy(ls_Entropy,"base64") loo_Ec = create oleobject // Use "Chilkat_9_5_0.Ecc" for versions of Chilkat < 10.0.0 li_rc = loo_Ec.ConnectToNewObject("Chilkat.Ecc") // Generate a random EC private key on the prime256v1 curve. loo_PrivKey = loo_Ec.GenEccKey("prime256v1",loo_Fortuna) if loo_Ec.LastMethodSuccess <> 1 then Write-Debug loo_Ec.LastErrorText destroy loo_Fortuna destroy loo_Ec return end if // Create the CSR object and set properties. loo_Csr = create oleobject // Use "Chilkat_9_5_0.Csr" for versions of Chilkat < 10.0.0 li_rc = loo_Csr.ConnectToNewObject("Chilkat.Csr") // Specify your CN loo_Csr.CommonName = "mysubdomain.mydomain.com" // Create the CSR using the private key. loo_BdCsr = create oleobject // Use "Chilkat_9_5_0.BinData" for versions of Chilkat < 10.0.0 li_rc = loo_BdCsr.ConnectToNewObject("Chilkat.BinData") li_Success = loo_Csr.GenCsrBd(loo_PrivKey,loo_BdCsr) if li_Success = 0 then Write-Debug loo_Csr.LastErrorText destroy loo_PrivKey destroy loo_Fortuna destroy loo_Ec destroy loo_Csr destroy loo_BdCsr return end if // Save the private key and CSR to files. loo_PrivKey.SavePkcs8EncryptedPemFile("password","c:/temp/qa_output/ec_privkey.pem") destroy loo_PrivKey loo_BdCsr.WriteFile("c:/temp/qa_output/csr.pem") // ---------------------------------------------------------------------- // Now do the CURL request to POST the CSR and get the new certificate. loo_Http = create oleobject // Use "Chilkat_9_5_0.Http" for versions of Chilkat < 10.0.0 li_rc = loo_Http.ConnectToNewObject("Chilkat.Http") loo_TlsClientCert = create oleobject // Use "Chilkat_9_5_0.Cert" for versions of Chilkat < 10.0.0 li_rc = loo_TlsClientCert.ConnectToNewObject("Chilkat.Cert") li_Success = loo_TlsClientCert.LoadFromFile("data/myTlsClientCert.pem") if li_Success = 0 then Write-Debug loo_TlsClientCert.LastErrorText destroy loo_Fortuna destroy loo_Ec destroy loo_Csr destroy loo_BdCsr destroy loo_Http destroy loo_TlsClientCert return end if loo_BdTlsClientCertPrivKey = create oleobject // Use "Chilkat_9_5_0.BinData" for versions of Chilkat < 10.0.0 li_rc = loo_BdTlsClientCertPrivKey.ConnectToNewObject("Chilkat.BinData") li_Success = loo_BdTlsClientCertPrivKey.LoadFile("data/myTlsClientCert.key.pem") if li_Success = 0 then Write-Debug "Failed to load data/myTlsClientCert.key.pem" destroy loo_Fortuna destroy loo_Ec destroy loo_Csr destroy loo_BdCsr destroy loo_Http destroy loo_TlsClientCert destroy loo_BdTlsClientCertPrivKey return end if loo_TlsClientCertPrivKey = create oleobject // Use "Chilkat_9_5_0.PrivateKey" for versions of Chilkat < 10.0.0 li_rc = loo_TlsClientCertPrivKey.ConnectToNewObject("Chilkat.PrivateKey") li_Success = loo_TlsClientCertPrivKey.LoadAnyFormat(loo_BdTlsClientCertPrivKey,"") if li_Success = 0 then Write-Debug loo_TlsClientCertPrivKey.LastErrorText destroy loo_Fortuna destroy loo_Ec destroy loo_Csr destroy loo_BdCsr destroy loo_Http destroy loo_TlsClientCert destroy loo_BdTlsClientCertPrivKey destroy loo_TlsClientCertPrivKey return end if li_Success = loo_TlsClientCert.SetPrivateKey(loo_TlsClientCertPrivKey) if li_Success = 0 then Write-Debug loo_TlsClientCert.LastErrorText destroy loo_Fortuna destroy loo_Ec destroy loo_Csr destroy loo_BdCsr destroy loo_Http destroy loo_TlsClientCert destroy loo_BdTlsClientCertPrivKey destroy loo_TlsClientCertPrivKey return end if loo_Http.SetSslClientCert(loo_TlsClientCert) loo_Http.RequireSslCertVerify = 1 // The body of the HTTP request contains the binary CSR. loo_Resp = loo_Http.PBinaryBd("POST","https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll",loo_BdCsr,"application/pkcs10",0,0) if loo_Http.LastMethodSuccess = 0 then Write-Debug loo_Http.LastErrorText destroy loo_Fortuna destroy loo_Ec destroy loo_Csr destroy loo_BdCsr destroy loo_Http destroy loo_TlsClientCert destroy loo_BdTlsClientCertPrivKey destroy loo_TlsClientCertPrivKey return end if if loo_Resp.StatusCode <> 200 then Write-Debug "response status code = " + string(loo_Resp.StatusCode) Write-Debug loo_Resp.BodyStr Write-Debug "Failed" destroy loo_Resp destroy loo_Fortuna destroy loo_Ec destroy loo_Csr destroy loo_BdCsr destroy loo_Http destroy loo_TlsClientCert destroy loo_BdTlsClientCertPrivKey destroy loo_TlsClientCertPrivKey return end if // The response is the Base64 DER of the new certificate. loo_MyNewCert = create oleobject // Use "Chilkat_9_5_0.Cert" for versions of Chilkat < 10.0.0 li_rc = loo_MyNewCert.ConnectToNewObject("Chilkat.Cert") li_Success = loo_MyNewCert.LoadFromBase64(loo_Resp.BodyStr) if li_Success = 0 then Write-Debug loo_MyNewCert.LastErrorText Write-Debug "Cert data = " + loo_Resp.BodyStr Write-Debug "Failed." destroy loo_Resp destroy loo_Fortuna destroy loo_Ec destroy loo_Csr destroy loo_BdCsr destroy loo_Http destroy loo_TlsClientCert destroy loo_BdTlsClientCertPrivKey destroy loo_TlsClientCertPrivKey destroy loo_MyNewCert return end if destroy loo_Resp li_Success = loo_MyNewCert.SaveToFile("c:/temp/qa_output/myNewCert.cer") if li_Success = 0 then Write-Debug loo_MyNewCert.LastErrorText Write-Debug "Failed." destroy loo_Fortuna destroy loo_Ec destroy loo_Csr destroy loo_BdCsr destroy loo_Http destroy loo_TlsClientCert destroy loo_BdTlsClientCertPrivKey destroy loo_TlsClientCertPrivKey destroy loo_MyNewCert return end if Write-Debug "Success." destroy loo_Fortuna destroy loo_Ec destroy loo_Csr destroy loo_BdCsr destroy loo_Http destroy loo_TlsClientCert destroy loo_BdTlsClientCertPrivKey destroy loo_TlsClientCertPrivKey destroy loo_MyNewCert |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.