Ruby
Ruby
Generate a CSR containing an Extension Request
See more CSR Examples
Demonstrates how to generate a CSR containing a 1.2.840.113549.1.9.14 extensionRequest.Chilkat Ruby Downloads
require 'chilkat'
success = false
# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# This example will generate a secp256r1 ECDSA key for the CSR.
ecc = Chilkat::CkEcc.new()
prng = Chilkat::CkPrng.new()
privKey = Chilkat::CkPrivateKey.new()
success = ecc.GenKey("secp256r1",prng,privKey)
if (success == false)
print "Failed to generate a new ECDSA private key." + "\n";
exit
end
csr = Chilkat::CkCsr.new()
# Add common CSR fields:
csr.put_CommonName("mysubdomain.mydomain.com")
csr.put_Country("GB")
csr.put_State("Yorks")
csr.put_Locality("York")
csr.put_Company("Internet Widgits Pty Ltd")
csr.put_EmailAddress("support@mydomain.com")
# Add the following 1.2.840.113549.1.9.14 extensionRequest
# Note: The easiest way to know the content and format of the XML to be added is to examine
# a pre-existing CSR with the same desired extensionRequest. You can use Chilkat to
# get the extensionRequest from an existing CSR.
#
# Here is a sample extension request:
# <?xml version="1.0" encoding="utf-8"?>
# <set>
# <sequence>
# <sequence>
# <oid>1.3.6.1.4.1.311.20.2</oid>
# <asnOctets>
# <printable>ZATCA-Code-Signing</printable>
# </asnOctets>
# </sequence>
# <sequence>
# <oid>2.5.29.17</oid>
# <asnOctets>
# <sequence>
# <contextSpecific tag="4" constructed="1">
# <sequence>
# <set>
# <sequence>
# <oid>2.5.4.4</oid>
# <utf8>334623324234325</utf8>
# </sequence>
# </set>
# <set>
# <sequence>
# <oid>0.9.2342.19200300.100.1.1</oid>
# <utf8>310122393500003</utf8>
# </sequence>
# </set>
# <set>
# <sequence>
# <oid>2.5.4.12</oid>
# <utf8>0000</utf8>
# </sequence>
# </set>
# <set>
# <sequence>
# <oid>2.5.4.26</oid>
# <utf8>Sample E</utf8>
# </sequence>
# </set>
# <set>
# <sequence>
# <oid>2.5.4.15</oid>
# <utf8>Sample Business</utf8>
# </sequence>
# </set>
# </sequence>
# </contextSpecific>
# </sequence>
# </asnOctets>
# </sequence>
# </sequence>
# </set>
# Use this online tool to generate code from sample XML:
# Generate Code to Create XML
# Here's the code to generate the above extension request.
xml = Chilkat::CkXml.new()
xml.put_Tag("set")
xml.UpdateChildContent("sequence|sequence|oid","1.3.6.1.4.1.311.20.2")
xml.UpdateChildContent("sequence|sequence|asnOctets|printable","ZATCA-Code-Signing")
xml.UpdateChildContent("sequence|sequence[1]|oid","2.5.29.17")
xml.UpdateAttrAt("sequence|sequence[1]|asnOctets|sequence|contextSpecific",true,"tag","4")
xml.UpdateAttrAt("sequence|sequence[1]|asnOctets|sequence|contextSpecific",true,"constructed","1")
xml.UpdateChildContent("sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set|sequence|oid","2.5.4.4")
xml.UpdateChildContent("sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set|sequence|utf8","334623324234325")
xml.UpdateChildContent("sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[1]|sequence|oid","0.9.2342.19200300.100.1.1")
xml.UpdateChildContent("sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[1]|sequence|utf8","310122393500003")
xml.UpdateChildContent("sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[2]|sequence|oid","2.5.4.12")
xml.UpdateChildContent("sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[2]|sequence|utf8","0000")
xml.UpdateChildContent("sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[3]|sequence|oid","2.5.4.26")
xml.UpdateChildContent("sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[3]|sequence|utf8","Sample E")
xml.UpdateChildContent("sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[4]|sequence|oid","2.5.4.15")
xml.UpdateChildContent("sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[4]|sequence|utf8","Sample Business")
# Add the extension request to the CSR
csr.SetExtensionRequest(xml)
# Generate the CSR with the extension request
csrPem = csr.genCsrPem(privKey)
if (csr.get_LastMethodSuccess() == false)
print csr.lastErrorText() + "\n";
exit
end
print csrPem + "\n";
# Sample PEM output:
# -----BEGIN CERTIFICATE REQUEST-----
# MIICEjCCAbkCAQAwgZcxITAfBgNVBAMMGG15c3ViZG9tYWluLm15ZG9tYWluLmNv
# bTELMAkGA1UEBhMCR0IxDjAMBgNVBAgMBVlvcmtzMQ0wCwYDVQQHDARZb3JrMSEw
# HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxIzAhBgkqhkiG9w0BCQEW
# FHN1cHBvcnRAbXlkb21haW4uY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
# g8EVNSV0ttlM9kG2E+J3ZB9WEDYVf2QA/8idrPRUafia1CHjd1kslwZA8eP2bAcf
# 2O493QAENqtW6DTHJbRz8KCBvjCBuwYJKoZIhvcNAQkOMYGtMIGqMCEGCSsGAQQB
# gjcUAgQUExJaQVRDQS1Db2RlLVNpZ25pbmcwgYQGA1UdEQR9MHukeTB3MRgwFgYD
# VQQEDA8zMzQ2MjMzMjQyMzQzMjUxHzAdBgoJkiaJk/IsZAEBDA8zMTAxMjIzOTM1
# MDAwMDMxDTALBgNVBAwMBDAwMDAxETAPBgNVBBoMCFNhbXBsZSBFMRgwFgYDVQQP
# DA9TYW1wbGUgQnVzaW5lc3MwCgYIKoZIzj0EAwIDRwAwRAIgF7D30eSBklfo+oel
# 1B0z64eJDB9MB3rCoiFZlj+mz0YCIHYI87eyqdtw2LOcAoBRhyxlBT6i28+Z/8t9
# bYsMIYvp
# -----END CERTIFICATE REQUEST-----