Ruby
Ruby
Generate a CSR with keyUsage, extKeyUsage, and other Extensions
See more CSR Examples
Demonstrates how to generate a CSR containing a 1.2.840.113549.1.9.14 extensionRequest with the following extensions:- 1.3.6.1.4.1.311.20.2 enrollCerttypeExtension
- 2.5.29.15 keyUsage
- 2.5.29.37 extKeyUsage
- 2.5.29.14 subjectKeyIdentifier
Chilkat Ruby Downloads
require 'chilkat'
success = false
# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# This example will generate a secp256r1 ECDSA key for the CSR.
ecc = Chilkat::CkEcc.new()
prng = Chilkat::CkPrng.new()
privKey = Chilkat::CkPrivateKey.new()
success = ecc.GenKey("secp256r1",prng,privKey)
if (success == false)
print "Failed to generate a new ECDSA private key." + "\n";
exit
end
csr = Chilkat::CkCsr.new()
# Add common CSR fields:
csr.put_CommonName("mysubdomain.mydomain.com")
csr.put_Country("GB")
csr.put_State("Yorks")
csr.put_Locality("York")
csr.put_Company("Internet Widgits Pty Ltd")
csr.put_EmailAddress("support@mydomain.com")
# Add the following 1.2.840.113549.1.9.14 extensionRequest
# Note: The easiest way to know the content and format of the XML to be added is to examine
# a pre-existing CSR with the same desired extensionRequest. You can use Chilkat to
# get the extensionRequest from an existing CSR.
#
# Here is a sample extension request:
# <?xml version="1.0" encoding="utf-8"?>
# <set>
# <sequence>
# <sequence>
# <oid>1.3.6.1.4.1.311.20.2</oid>
# <asnOctets>
# <universal tag="30" constructed="0">AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABl
# AF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx</universal>
# </asnOctets>
# </sequence>
# <sequence>
# <oid>2.5.29.15</oid>
# <bool>1</bool>
# <asnOctets>
# <bits n="3">A0</bits>
# </asnOctets>
# </sequence>
# <sequence>
# <oid>2.5.29.37</oid>
# <asnOctets>
# <sequence>
# <oid>1.3.6.1.5.5.7.3.3</oid>
# </sequence>
# </asnOctets>
# </sequence>
# <sequence>
# <oid>2.5.29.14</oid>
# <asnOctets>
# <octets>MCzBMQAViXBz8IDt8LsgmJxJ4Xg=</octets>
# </asnOctets>
# </sequence>
# </sequence>
# </set>
# Use this online tool to generate code from sample XML:
# Generate Code to Create XML
# A few notes:
# The string "AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABlAF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx"
# is the base64 encoding of the utf-16be byte representation of the string "EndEntityClientAuthCertificate_CSRPassthrough/V1"
s = "EndEntityClientAuthCertificate_CSRPassthrough/V1"
bdTemp = Chilkat::CkBinData.new()
bdTemp.AppendString(s,"utf-16be")
s_base64_utf16be = bdTemp.getEncoded("base64")
# The string should be "AEUA....."
print s_base64_utf16be + "\n";
# Here's the code to generate the above extension request.
xml = Chilkat::CkXml.new()
xml.put_Tag("set")
xml.UpdateChildContent("sequence|sequence|oid","1.3.6.1.4.1.311.20.2")
xml.UpdateAttrAt("sequence|sequence|asnOctets|universal",true,"tag","30")
xml.UpdateAttrAt("sequence|sequence|asnOctets|universal",true,"constructed","0")
xml.UpdateChildContent("sequence|sequence|asnOctets|universal",s_base64_utf16be)
xml.UpdateChildContent("sequence|sequence[1]|oid","2.5.29.15")
xml.UpdateChildContent("sequence|sequence[1]|bool","1")
xml.UpdateAttrAt("sequence|sequence[1]|asnOctets|bits",true,"n","3")
# A0 is hex for decimal 160.
xml.UpdateChildContent("sequence|sequence[1]|asnOctets|bits","A0")
xml.UpdateChildContent("sequence|sequence[2]|oid","2.5.29.37")
xml.UpdateChildContent("sequence|sequence[2]|asnOctets|sequence|oid","1.3.6.1.5.5.7.3.3")
# This is the subjectKeyIdentifier extension.
# The string "MCzBMQAViXBz8IDt8LsgmJxJ4Xg=" is base64 that decodes to 20 bytes, which is a SHA1 hash.
# This is simply a hash of the DER of the public key.
pubKey = Chilkat::CkPublicKey.new()
privKey.ToPublicKey(pubKey)
bdPubKeyDer = Chilkat::CkBinData.new()
bdPubKeyDer.AppendEncoded(pubKey.getEncoded(true,"base64"),"base64")
ski = bdPubKeyDer.getHash("sha1","base64")
xml.UpdateChildContent("sequence|sequence[3]|oid","2.5.29.14")
xml.UpdateChildContent("sequence|sequence[3]|asnOctets|octets",ski)
# Add the extension request to the CSR
csr.SetExtensionRequest(xml)
# Generate the CSR with the extension request
csrPem = csr.genCsrPem(privKey)
if (csr.get_LastMethodSuccess() == false)
print csr.lastErrorText() + "\n";
exit
end
print csrPem + "\n";