SQL Server
SQL Server
Duplicate openssl req -newkey rsa:2048 -nodes -keyout mydomain.pem -out mydomain.csr
See more OpenSSL Examples
Demonstrates how to duplicate this OpenSSL command:openssl req -newkey rsa:2048 -nodes -keyout mydomain.pem -out mydomain.csr
This command creates 2 files:
- mydomain.csr: this is the file to send to DigiCert or Let's Encrypt (or any other CA)
- mydomain.pem: this is the private key of the domain.
The second file is needed to pair with the certificate that will later be received from the CA.
Chilkat SQL Server Downloads
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
DECLARE @hr int
-- Important: Do not use nvarchar(max). See the warning about using nvarchar(max).
DECLARE @sTmp0 nvarchar(4000)
DECLARE @success int
SELECT @success = 0
-- This example requires the Chilkat API to have been previously unlocked.
-- See Global Unlock Sample for sample code.
DECLARE @rsa int
EXEC @hr = sp_OACreate 'Chilkat.Rsa', @rsa OUT
IF @hr <> 0
BEGIN
PRINT 'Failed to create ActiveX component'
RETURN
END
-- Generate a 2048-bit key. Chilkat RSA supports
-- key sizes ranging from 512 bits to 8192 bits.
DECLARE @privKey int
EXEC @hr = sp_OACreate 'Chilkat.PrivateKey', @privKey OUT
EXEC sp_OAMethod @rsa, 'GenKey', @success OUT, 2048, @privKey
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @rsa, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @rsa
EXEC @hr = sp_OADestroy @privKey
RETURN
END
EXEC sp_OAMethod @rsa, 'UsePrivateKey', @success OUT, @privKey
-- Save the private key to unencrypted PKCS8 PEM
EXEC sp_OAMethod @privKey, 'SavePkcs8PemFile', @success OUT, 'mydomain.pem'
-- (alternatively) Save the private key to encrypted PKCS8 PEM
EXEC sp_OAMethod @privKey, 'SavePkcs8EncryptedPemFile', @success OUT, 'myPassword', 'mydomain_enc.pem'
-- We'll need the private key's modulus for the CSR.
-- The modulus is not something that needs to be protected. Most people don't realize
-- that a public key is actually just a subset of the private key. The public parts of
-- an RSA private key are the modulus and exponent. The exponent is always 65537.
DECLARE @privKeyXml int
EXEC @hr = sp_OACreate 'Chilkat.Xml', @privKeyXml OUT
EXEC sp_OAMethod @privKey, 'GetXml', @sTmp0 OUT
EXEC sp_OAMethod @privKeyXml, 'LoadXml', @success OUT, @sTmp0
-- Get the modulus in base64 format:
DECLARE @keyModulus nvarchar(4000)
EXEC sp_OAMethod @privKeyXml, 'GetChildContent', @keyModulus OUT, 'Modulus'
-- --------------------------------------------------------------------------------
-- Now build the CSR using Chilkat's ASN.1 API.
-- The keyModulus will be embedded within the ASN.1.
-- A new ASN.1 object is automatically a SEQUENCE.
-- Given that the CSR's root item is a SEQUENCE, we can use
-- this as the root of our CSR.
DECLARE @asnRoot int
EXEC @hr = sp_OACreate 'Chilkat.Asn', @asnRoot OUT
-- Beneath the root, we have a SEQUENCE (the certificate request info),
-- another SEQUENCE (the algorithm identifier), and a BITSTRING (the signature data)
EXEC sp_OAMethod @asnRoot, 'AppendSequence', @success OUT
EXEC sp_OAMethod @asnRoot, 'AppendSequence', @success OUT
-- ----------------------------------
-- Build the Certificate Request Info
-- ----------------------------------
DECLARE @asnCertReqInfo int
EXEC sp_OAMethod @asnRoot, 'GetSubItem', @asnCertReqInfo OUT, 0
EXEC sp_OAMethod @asnCertReqInfo, 'AppendInt', @success OUT, 0
-- Build the Subject part of the Certificate Request Info
DECLARE @asnCertSubject int
EXEC sp_OAMethod @asnCertReqInfo, 'AppendSequenceR', @asnCertSubject OUT
-- Add each subject part..
DECLARE @asnTemp int
EXEC sp_OAMethod @asnCertSubject, 'AppendSetR', @asnTemp OUT
EXEC sp_OAMethod @asnTemp, 'AppendSequence2', @success OUT
-- AppendSequence2 updates the internal reference to the newly appended SEQUENCE.
-- The OID and printable string are added to the SEQUENCE.
EXEC sp_OAMethod @asnTemp, 'AppendOid', @success OUT, '2.5.4.6'
EXEC sp_OAMethod @asnTemp, 'AppendString', @success OUT, 'printable', 'US'
EXEC @hr = sp_OADestroy @asnTemp
EXEC sp_OAMethod @asnCertSubject, 'AppendSetR', @asnTemp OUT
EXEC sp_OAMethod @asnTemp, 'AppendSequence2', @success OUT
EXEC sp_OAMethod @asnTemp, 'AppendOid', @success OUT, '2.5.4.8'
EXEC sp_OAMethod @asnTemp, 'AppendString', @success OUT, 'utf8', 'Utah'
EXEC @hr = sp_OADestroy @asnTemp
EXEC sp_OAMethod @asnCertSubject, 'AppendSetR', @asnTemp OUT
EXEC sp_OAMethod @asnTemp, 'AppendSequence2', @success OUT
EXEC sp_OAMethod @asnTemp, 'AppendOid', @success OUT, '2.5.4.7'
EXEC sp_OAMethod @asnTemp, 'AppendString', @success OUT, 'utf8', 'Lindon'
EXEC @hr = sp_OADestroy @asnTemp
EXEC sp_OAMethod @asnCertSubject, 'AppendSetR', @asnTemp OUT
EXEC sp_OAMethod @asnTemp, 'AppendSequence2', @success OUT
EXEC sp_OAMethod @asnTemp, 'AppendOid', @success OUT, '2.5.4.10'
EXEC sp_OAMethod @asnTemp, 'AppendString', @success OUT, 'utf8', 'DigiCert Inc.'
EXEC @hr = sp_OADestroy @asnTemp
EXEC sp_OAMethod @asnCertSubject, 'AppendSetR', @asnTemp OUT
EXEC sp_OAMethod @asnTemp, 'AppendSequence2', @success OUT
EXEC sp_OAMethod @asnTemp, 'AppendOid', @success OUT, '2.5.4.11'
EXEC sp_OAMethod @asnTemp, 'AppendString', @success OUT, 'utf8', 'DigiCert'
EXEC @hr = sp_OADestroy @asnTemp
EXEC sp_OAMethod @asnCertSubject, 'AppendSetR', @asnTemp OUT
EXEC sp_OAMethod @asnTemp, 'AppendSequence2', @success OUT
EXEC sp_OAMethod @asnTemp, 'AppendOid', @success OUT, '2.5.4.3'
EXEC sp_OAMethod @asnTemp, 'AppendString', @success OUT, 'utf8', 'example.digicert.com'
EXEC @hr = sp_OADestroy @asnTemp
EXEC @hr = sp_OADestroy @asnCertSubject
-- Build the Public Key Info part of the Certificate Request Info
DECLARE @asnPubKeyInfo int
EXEC sp_OAMethod @asnCertReqInfo, 'AppendSequenceR', @asnPubKeyInfo OUT
DECLARE @asnPubKeyAlgId int
EXEC sp_OAMethod @asnPubKeyInfo, 'AppendSequenceR', @asnPubKeyAlgId OUT
EXEC sp_OAMethod @asnPubKeyAlgId, 'AppendOid', @success OUT, '1.2.840.113549.1.1.1'
EXEC sp_OAMethod @asnPubKeyAlgId, 'AppendNull', @success OUT
EXEC @hr = sp_OADestroy @asnPubKeyAlgId
-- The public key itself is a BIT STRING, but the bit string is composed of ASN.1
-- for the RSA public key. We'll first build the RSA ASN.1 for the public key
-- (containing the 2048 bit modulus and exponent), and encoded it to DER, and then add
-- the DER bytes as a BIT STRING (as a sub-item of asnPubKeyInfo)
-- This is already a SEQUENCE..
DECLARE @asnRsaKey int
EXEC @hr = sp_OACreate 'Chilkat.Asn', @asnRsaKey OUT
-- The RSA modulus is a big integer.
EXEC sp_OAMethod @asnRsaKey, 'AppendBigInt', @success OUT, @keyModulus, 'base64'
EXEC sp_OAMethod @asnRsaKey, 'AppendInt', @success OUT, 65537
DECLARE @rsaKeyDerBase64 nvarchar(4000)
EXEC sp_OAMethod @asnRsaKey, 'GetEncodedDer', @rsaKeyDerBase64 OUT, 'base64'
-- Now add the RSA key DER as a BIT STRING.
EXEC sp_OAMethod @asnPubKeyInfo, 'AppendBits', @success OUT, @rsaKeyDerBase64, 'base64'
EXEC @hr = sp_OADestroy @asnPubKeyInfo
-- The last part of the certificate request info is an empty context-specific constructed item
-- with a tag equal to 0.
EXEC sp_OAMethod @asnCertReqInfo, 'AppendContextConstructed', @success OUT, 0
-- Get the DER of the asnCertReqInfo.
-- This will be signed using the RSA private key.
DECLARE @bdDer int
EXEC @hr = sp_OACreate 'Chilkat.BinData', @bdDer OUT
EXEC sp_OAMethod @asnCertReqInfo, 'WriteBd', @success OUT, @bdDer
-- Add the signature to the ASN.1
DECLARE @bdSig int
EXEC @hr = sp_OACreate 'Chilkat.BinData', @bdSig OUT
EXEC sp_OAMethod @rsa, 'SignBd', @success OUT, @bdDer, 'SHA1', @bdSig
EXEC sp_OAMethod @bdSig, 'GetEncoded', @sTmp0 OUT, 'base64'
EXEC sp_OAMethod @asnRoot, 'AppendBits', @success OUT, @sTmp0, 'base64'
EXEC @hr = sp_OADestroy @asnCertReqInfo
-- ----------------------------------
-- Finally, add the algorithm identifier, which is the 2nd sub-item under the root.
-- ----------------------------------
DECLARE @asnAlgId int
EXEC sp_OAMethod @asnRoot, 'GetSubItem', @asnAlgId OUT, 1
EXEC sp_OAMethod @asnAlgId, 'AppendOid', @success OUT, '1.2.840.113549.1.1.5'
EXEC sp_OAMethod @asnAlgId, 'AppendNull', @success OUT
EXEC @hr = sp_OADestroy @asnAlgId
-- Write the CSR to a DER encoded binary file:
EXEC sp_OAMethod @asnRoot, 'WriteBinaryDer', @success OUT, 'qa_output/mydomain.csr'
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @asnRoot, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @rsa
EXEC @hr = sp_OADestroy @privKey
EXEC @hr = sp_OADestroy @privKeyXml
EXEC @hr = sp_OADestroy @asnRoot
EXEC @hr = sp_OADestroy @asnRsaKey
EXEC @hr = sp_OADestroy @bdDer
EXEC @hr = sp_OADestroy @bdSig
RETURN
END
-- It is also possible to get the CSR in base64 format:
DECLARE @csrBase64 nvarchar(4000)
EXEC sp_OAMethod @asnRoot, 'GetEncodedDer', @csrBase64 OUT, 'base64'
PRINT 'Base64 CSR:'
PRINT @csrBase64
EXEC @hr = sp_OADestroy @rsa
EXEC @hr = sp_OADestroy @privKey
EXEC @hr = sp_OADestroy @privKeyXml
EXEC @hr = sp_OADestroy @asnRoot
EXEC @hr = sp_OADestroy @asnRsaKey
EXEC @hr = sp_OADestroy @bdDer
EXEC @hr = sp_OADestroy @bdSig
END
GO