Sample code for 30+ languages & platforms
SQL Server

Generate a CSR containing an Extension Request

See more CSR Examples

Demonstrates how to generate a CSR containing a 1.2.840.113549.1.9.14 extensionRequest.

Chilkat SQL Server Downloads

SQL Server
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    DECLARE @iTmp0 int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- This requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    -- This example will generate a secp256r1 ECDSA key for the CSR.
    DECLARE @ecc int
    EXEC @hr = sp_OACreate 'Chilkat.Ecc', @ecc OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    DECLARE @prng int
    EXEC @hr = sp_OACreate 'Chilkat.Prng', @prng OUT

    DECLARE @privKey int
    EXEC @hr = sp_OACreate 'Chilkat.PrivateKey', @privKey OUT

    EXEC sp_OAMethod @ecc, 'GenKey', @success OUT, 'secp256r1', @prng, @privKey
    IF @success = 0
      BEGIN

        PRINT 'Failed to generate a new ECDSA private key.'
        EXEC @hr = sp_OADestroy @ecc
        EXEC @hr = sp_OADestroy @prng
        EXEC @hr = sp_OADestroy @privKey
        RETURN
      END

    DECLARE @csr int
    EXEC @hr = sp_OACreate 'Chilkat.Csr', @csr OUT

    -- Add common CSR fields:
    EXEC sp_OASetProperty @csr, 'CommonName', 'mysubdomain.mydomain.com'
    EXEC sp_OASetProperty @csr, 'Country', 'GB'
    EXEC sp_OASetProperty @csr, 'State', 'Yorks'
    EXEC sp_OASetProperty @csr, 'Locality', 'York'
    EXEC sp_OASetProperty @csr, 'Company', 'Internet Widgits Pty Ltd'
    EXEC sp_OASetProperty @csr, 'EmailAddress', 'support@mydomain.com'

    -- Add the following 1.2.840.113549.1.9.14 extensionRequest
    -- Note: The easiest way to know the content and format of the XML to be added is to examine
    -- a pre-existing CSR with the same desired extensionRequest.  You can use Chilkat to
    -- get the extensionRequest from an existing CSR. 

    -- 
    -- Here is a sample extension request:

    -- <?xml version="1.0" encoding="utf-8"?>
    -- <set>
    --    <sequence>
    --        <sequence>
    --            <oid>1.3.6.1.4.1.311.20.2</oid>
    --            <asnOctets>
    --                <printable>ZATCA-Code-Signing</printable>
    --            </asnOctets>
    --        </sequence>
    --        <sequence>
    --            <oid>2.5.29.17</oid>
    --            <asnOctets>
    --                <sequence>
    --                    <contextSpecific tag="4" constructed="1">
    --                        <sequence>
    --                            <set>
    --                                <sequence>
    --                                    <oid>2.5.4.4</oid>
    --                                    <utf8>334623324234325</utf8>
    --                                </sequence>
    --                            </set>
    --                            <set>
    --                                <sequence>
    --                                    <oid>0.9.2342.19200300.100.1.1</oid>
    --                                    <utf8>310122393500003</utf8>
    --                                </sequence>
    --                            </set>
    --                            <set>
    --                                <sequence>
    --                                    <oid>2.5.4.12</oid>
    --                                    <utf8>0000</utf8>
    --                                </sequence>
    --                            </set>
    --                            <set>
    --                                <sequence>
    --                                    <oid>2.5.4.26</oid>
    --                                    <utf8>Sample E</utf8>
    --                                </sequence>
    --                            </set>
    --                            <set>
    --                                <sequence>
    --                                    <oid>2.5.4.15</oid>
    --                                    <utf8>Sample Business</utf8>
    --                                </sequence>
    --                            </set>
    --                        </sequence>
    --                    </contextSpecific>
    --                </sequence>
    --            </asnOctets>
    --        </sequence>
    --    </sequence>
    -- </set>

    -- Use this online tool to generate code from sample XML: 
    -- Generate Code to Create XML

    -- Here's the code to generate the above extension request.

    DECLARE @xml int
    EXEC @hr = sp_OACreate 'Chilkat.Xml', @xml OUT

    EXEC sp_OASetProperty @xml, 'Tag', 'set'
    EXEC sp_OAMethod @xml, 'UpdateChildContent', NULL, 'sequence|sequence|oid', '1.3.6.1.4.1.311.20.2'
    EXEC sp_OAMethod @xml, 'UpdateChildContent', NULL, 'sequence|sequence|asnOctets|printable', 'ZATCA-Code-Signing'
    EXEC sp_OAMethod @xml, 'UpdateChildContent', NULL, 'sequence|sequence[1]|oid', '2.5.29.17'
    EXEC sp_OAMethod @xml, 'UpdateAttrAt', @success OUT, 'sequence|sequence[1]|asnOctets|sequence|contextSpecific', 1, 'tag', '4'
    EXEC sp_OAMethod @xml, 'UpdateAttrAt', @success OUT, 'sequence|sequence[1]|asnOctets|sequence|contextSpecific', 1, 'constructed', '1'
    EXEC sp_OAMethod @xml, 'UpdateChildContent', NULL, 'sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set|sequence|oid', '2.5.4.4'
    EXEC sp_OAMethod @xml, 'UpdateChildContent', NULL, 'sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set|sequence|utf8', '334623324234325'
    EXEC sp_OAMethod @xml, 'UpdateChildContent', NULL, 'sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[1]|sequence|oid', '0.9.2342.19200300.100.1.1'
    EXEC sp_OAMethod @xml, 'UpdateChildContent', NULL, 'sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[1]|sequence|utf8', '310122393500003'
    EXEC sp_OAMethod @xml, 'UpdateChildContent', NULL, 'sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[2]|sequence|oid', '2.5.4.12'
    EXEC sp_OAMethod @xml, 'UpdateChildContent', NULL, 'sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[2]|sequence|utf8', '0000'
    EXEC sp_OAMethod @xml, 'UpdateChildContent', NULL, 'sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[3]|sequence|oid', '2.5.4.26'
    EXEC sp_OAMethod @xml, 'UpdateChildContent', NULL, 'sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[3]|sequence|utf8', 'Sample E'
    EXEC sp_OAMethod @xml, 'UpdateChildContent', NULL, 'sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[4]|sequence|oid', '2.5.4.15'
    EXEC sp_OAMethod @xml, 'UpdateChildContent', NULL, 'sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[4]|sequence|utf8', 'Sample Business'

    -- Add the extension request to the CSR
    EXEC sp_OAMethod @csr, 'SetExtensionRequest', @success OUT, @xml

    -- Generate the CSR with the extension request
    DECLARE @csrPem nvarchar(4000)
    EXEC sp_OAMethod @csr, 'GenCsrPem', @csrPem OUT, @privKey
    EXEC sp_OAGetProperty @csr, 'LastMethodSuccess', @iTmp0 OUT
    IF @iTmp0 = 0
      BEGIN
        EXEC sp_OAGetProperty @csr, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @ecc
        EXEC @hr = sp_OADestroy @prng
        EXEC @hr = sp_OADestroy @privKey
        EXEC @hr = sp_OADestroy @csr
        EXEC @hr = sp_OADestroy @xml
        RETURN
      END


    PRINT @csrPem

    -- Sample PEM output:

    -- -----BEGIN CERTIFICATE REQUEST-----
    -- MIICEjCCAbkCAQAwgZcxITAfBgNVBAMMGG15c3ViZG9tYWluLm15ZG9tYWluLmNv
    -- bTELMAkGA1UEBhMCR0IxDjAMBgNVBAgMBVlvcmtzMQ0wCwYDVQQHDARZb3JrMSEw
    -- HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxIzAhBgkqhkiG9w0BCQEW
    -- FHN1cHBvcnRAbXlkb21haW4uY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
    -- g8EVNSV0ttlM9kG2E+J3ZB9WEDYVf2QA/8idrPRUafia1CHjd1kslwZA8eP2bAcf
    -- 2O493QAENqtW6DTHJbRz8KCBvjCBuwYJKoZIhvcNAQkOMYGtMIGqMCEGCSsGAQQB
    -- gjcUAgQUExJaQVRDQS1Db2RlLVNpZ25pbmcwgYQGA1UdEQR9MHukeTB3MRgwFgYD
    -- VQQEDA8zMzQ2MjMzMjQyMzQzMjUxHzAdBgoJkiaJk/IsZAEBDA8zMTAxMjIzOTM1
    -- MDAwMDMxDTALBgNVBAwMBDAwMDAxETAPBgNVBBoMCFNhbXBsZSBFMRgwFgYDVQQP
    -- DA9TYW1wbGUgQnVzaW5lc3MwCgYIKoZIzj0EAwIDRwAwRAIgF7D30eSBklfo+oel
    -- 1B0z64eJDB9MB3rCoiFZlj+mz0YCIHYI87eyqdtw2LOcAoBRhyxlBT6i28+Z/8t9
    -- bYsMIYvp
    -- -----END CERTIFICATE REQUEST-----

    EXEC @hr = sp_OADestroy @ecc
    EXEC @hr = sp_OADestroy @prng
    EXEC @hr = sp_OADestroy @privKey
    EXEC @hr = sp_OADestroy @csr
    EXEC @hr = sp_OADestroy @xml


END
GO