(SQL Server) Convert Let's Encrypt PEM Files to a PFX

Demonstrates how to convert the .pem files provided by Let's Encrypt to a single PFX.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    -- This example assumes the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    -- Let's Encrypt provides four .pem files
    -- 1. fullchain.pem
    -- 2. privkey.pem
    -- 3. cert.pem
    -- 4. chain.pem

    -- The cert.pem and chain.pem are redundant. 
    -- The fullchain.pem is composed of the cert.pem and chain.pem.

    -- To convert the PEM's to a single .pfx, we don't need the redundant data.
    -- The privkey.pem and fullchain.pem provide the required data.
    -- We can ignore cert.pem and chain.pem (because those certs are already found in fullchain.pem).

    -- We need a single .pem file that contains both the private key, the cert,
    -- and the certs in the chain of authentication.
    -- Let's combine priveky.pem and fullchain.pem into a single .pem

    DECLARE @sbPem int
    -- Use "Chilkat_9_5_0.StringBuilder" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbPem OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    DECLARE @success int
    EXEC sp_OAMethod @sbPem, 'LoadFile', @success OUT, 'qa_data/pem/lets_encrypt/privkey.pem', 'utf-8'
    IF @success = 0
      BEGIN

        PRINT 'Failed to load privkey.pem'
        EXEC @hr = sp_OADestroy @sbPem
        RETURN
      END

    -- To be safe, append a blank line..
    EXEC sp_OAMethod @sbPem, 'AppendLine', @success OUT, '', 0

    DECLARE @sbFullChainPem int
    -- Use "Chilkat_9_5_0.StringBuilder" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbFullChainPem OUT

    EXEC sp_OAMethod @sbFullChainPem, 'LoadFile', @success OUT, 'qa_data/pem/lets_encrypt/fullchain.pem', 'utf-8'
    IF @success = 0
      BEGIN

        PRINT 'Failed to load fullchain.pem'
        EXEC @hr = sp_OADestroy @sbPem
        EXEC @hr = sp_OADestroy @sbFullChainPem
        RETURN
      END

    -- Append the full cert chain PEM to the private key PEM.
    EXEC sp_OAMethod @sbPem, 'AppendSb', @success OUT, @sbFullChainPem

    -- Load the combined PEM into a Chilkat PFX object.
    DECLARE @pfx int
    -- Use "Chilkat_9_5_0.Pfx" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.Pfx', @pfx OUT

    EXEC sp_OAMethod @sbPem, 'GetAsString', @sTmp0 OUT
    EXEC sp_OAMethod @pfx, 'LoadPem', @success OUT, @sTmp0, 'no password required'
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @pfx, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @sbPem
        EXEC @hr = sp_OADestroy @sbFullChainPem
        EXEC @hr = sp_OADestroy @pfx
        RETURN
      END

    -- Write the PFX w/ a password.
    DECLARE @pfxPassword nvarchar(4000)
    SELECT @pfxPassword = 'secret'
    EXEC sp_OAMethod @pfx, 'ToFile', @success OUT, @pfxPassword, 'qa_output/sample.pfx'
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @pfx, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @sbPem
        EXEC @hr = sp_OADestroy @sbFullChainPem
        EXEC @hr = sp_OADestroy @pfx
        RETURN
      END


    PRINT 'Success!'

    EXEC @hr = sp_OADestroy @sbPem
    EXEC @hr = sp_OADestroy @sbFullChainPem
    EXEC @hr = sp_OADestroy @pfx


END
GO