|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(PowerShell) Renew a DigiCert Certificate from an EST-enabled profileDemonstrates how to renew a certificate from an EST-enabled profile in DigiCert® Trust Lifecycle Manager. (The certificate must be within the renewal window configured in the certificate profile. The CSR must have same Subject DN values as the original certificate.)
Add-Type -Path "C:\chilkat\ChilkatDotNet47-x64\ChilkatDotNet47.dll" # This example requires the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. # The example below duplicates the following OpenSSL commands: # # # Name of certificate as argument 1 # # # Make new key # openssl ecparam -name prime256v1 -genkey -noout -out ${1}.key.pem # # # Make csr # openssl req -new -sha256 -key ${1}.key.pem -out ${1}.p10.csr -subj "/CN=${1}" # # # Request new cert # curl -v --cacert data/ca.pem --cert data/${1}.pem --key data/${1}.key.pem # --data-binary @${1}.p10.csr -o ${1}.p7.b64 -H "Content-Type: application/pkcs10" https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll # # # Convert to PEM # openssl base64 -d -in ${1}.p7.b64 | openssl pkcs7 -inform DER -outform PEM -print_certs -out ${1}.pem # ------------------------------------------------------------------------------------------------------------------ # Create a Fortuna PRNG and seed it with system entropy. # This will be our source of random data for generating the ECC private key. $fortuna = New-Object Chilkat.Prng $entropy = $fortuna.GetEntropy(32,"base64") $success = $fortuna.AddEntropy($entropy,"base64") $ec = New-Object Chilkat.Ecc # Generate a random EC private key on the prime256v1 curve. $privKey = $ec.GenEccKey("prime256v1",$fortuna) if ($ec.LastMethodSuccess -ne $true) { $($ec.LastErrorText) exit } # Create the CSR object and set properties. $csr = New-Object Chilkat.Csr # Specify your CN $csr.CommonName = "mysubdomain.mydomain.com" # Create the CSR using the private key. $bdCsr = New-Object Chilkat.BinData $success = $csr.GenCsrBd($privKey,$bdCsr) if ($success -eq $false) { $($csr.LastErrorText) exit } # Save the private key and CSR to files. $privKey.SavePkcs8EncryptedPemFile("password","c:/temp/qa_output/ec_privkey.pem") $bdCsr.WriteFile("c:/temp/qa_output/csr.pem") # ---------------------------------------------------------------------- # Now do the CURL request to POST the CSR and get the new certificate. $http = New-Object Chilkat.Http $tlsClientCert = New-Object Chilkat.Cert $success = $tlsClientCert.LoadFromFile("data/myTlsClientCert.pem") if ($success -eq $false) { $($tlsClientCert.LastErrorText) exit } $bdTlsClientCertPrivKey = New-Object Chilkat.BinData $success = $bdTlsClientCertPrivKey.LoadFile("data/myTlsClientCert.key.pem") if ($success -eq $false) { $("Failed to load data/myTlsClientCert.key.pem") exit } $tlsClientCertPrivKey = New-Object Chilkat.PrivateKey $success = $tlsClientCertPrivKey.LoadAnyFormat($bdTlsClientCertPrivKey,"") if ($success -eq $false) { $($tlsClientCertPrivKey.LastErrorText) exit } $success = $tlsClientCert.SetPrivateKey($tlsClientCertPrivKey) if ($success -eq $false) { $($tlsClientCert.LastErrorText) exit } $http.SetSslClientCert($tlsClientCert) $http.RequireSslCertVerify = $true # The body of the HTTP request contains the binary CSR. $resp = $http.PBinaryBd("POST","https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll",$bdCsr,"application/pkcs10",$false,$false) if ($http.LastMethodSuccess -eq $false) { $($http.LastErrorText) exit } if ($resp.StatusCode -ne 200) { $("response status code = " + $resp.StatusCode) $($resp.BodyStr) $("Failed") exit } # The response is the Base64 DER of the new certificate. $myNewCert = New-Object Chilkat.Cert $success = $myNewCert.LoadFromBase64($resp.BodyStr) if ($success -eq $false) { $($myNewCert.LastErrorText) $("Cert data = " + $resp.BodyStr) $("Failed.") exit } $success = $myNewCert.SaveToFile("c:/temp/qa_output/myNewCert.cer") if ($success -eq $false) { $($myNewCert.LastErrorText) $("Failed.") exit } $("Success.") |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.