|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Tcl) Duplicate CSR Created by OpenSSL with Config.cnfSee more CSR ExamplesDemonstrates how to duplicate a CSR created by the following commands: # Generate Private Key openssl ecparam -name secp256k1 -genkey -noout -out PrivateKey.pem #Generate CSR openssl req -new -sha256 -key PrivateKey.pem -extensions v3_req -config Config.cnf -out CSR.csr
load ./chilkat.dll # This example assumes the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. # This example duplicates the CSR created by OpenSSL with the following config file: # oid_section = OIDs # [ OIDs ] # certificateTemplateName= 1.3.6.1.4.1.311.20.2 # # [ req ] # default_bits = 2048 # emailAddress = it@example.sa # req_extensions = v3_req # x509_extensions = v3_ca # prompt = no # default_md = sha256 # req_extensions = req_ext # distinguished_name = dn # # [ v3_req ] # basicConstraints = CA:FALSE # keyUsage = digitalSignature, nonRepudiation, keyEncipherment # # [req_ext] # certificateTemplateName = ASN1:PRINTABLESTRING:ZATCA-Code-Signing # subjectAltName = dirName:alt_names # # [ dn ] # CN =EXAMPLE-CORP # Common Name # C=SA # Country Code e.g SA # OU=HEAD-OFFICE # Organization Unit Name # O=ASC # Organization Name # # [alt_names] # SN=1-ASC|2-V01|3-1234567890 # EGS Serial Number 1-ABC|2-PQR|3-XYZ # UID=312345678900003 # Organization Identifier (VAT Number) # title=1100 # Invoice Type # registeredAddress=Dammam # Address # businessCategory=IT # Business Category # The OpenSSL commands we are duplicating: # openssl ecparam -name secp256k1 -genkey -noout -out PrivateKey.pem # openssl req -new -sha256 -key PrivateKey.pem -extensions v3_req -config Config.cnf -out CSR.csr # The 1st step is to actually use OpenSSL to generate a sample CSR.csr that we wish to duplicate. # With the sample CSR.csr, we get the ExtensionRequest as XML. # For example: set sbCsr [new_CkStringBuilder] set success [CkStringBuilder_LoadFile $sbCsr "qa_data/csr/openssl_cnf/CSR.csr" "utf-8"] if {$success == 0} then { puts "Failed to load CSR.csr" delete_CkStringBuilder $sbCsr exit } set csr0 [new_CkCsr] set success [CkCsr_LoadCsrPem $csr0 [CkStringBuilder_getAsString $sbCsr]] if {$success == 0} then { puts [CkCsr_lastErrorText $csr0] delete_CkStringBuilder $sbCsr delete_CkCsr $csr0 exit } set xml0 [new_CkXml] set success [CkCsr_GetExtensionRequest $csr0 $xml0] if {$success == 0} then { puts [CkCsr_lastErrorText $csr0] delete_CkStringBuilder $sbCsr delete_CkCsr $csr0 delete_CkXml $xml0 exit } # Let's examine the extension request.. puts [CkXml_getXml $xml0] # <?xml version="1.0" encoding="utf-8"?> # <set> # <sequence> # <sequence> # <oid>1.3.6.1.4.1.311.20.2</oid> # <asnOctets> # <printable>ZATCA-Code-Signing</printable> # </asnOctets> # </sequence> # <sequence> # <oid>2.5.29.17</oid> # <asnOctets> # <sequence> # <contextSpecific tag="4" constructed="1"> # <sequence> # <set> # <sequence> # <oid>2.5.4.4</oid> # <utf8>1-ASC|2-V01|3-1234567890</utf8> # </sequence> # </set> # <set> # <sequence> # <oid>0.9.2342.19200300.100.1.1</oid> # <utf8>312345678900003</utf8> # </sequence> # </set> # <set> # <sequence> # <oid>2.5.4.12</oid> # <utf8>1100</utf8> # </sequence> # </set> # <set> # <sequence> # <oid>2.5.4.26</oid> # <utf8>Dammam</utf8> # </sequence> # </set> # <set> # <sequence> # <oid>2.5.4.15</oid> # <utf8>IT</utf8> # </sequence> # </set> # </sequence> # </contextSpecific> # </sequence> # </asnOctets> # </sequence> # </sequence> # </set> # If you wish to generate the above XML without going through the above steps, copy the XML into # the online tool at https://tools.chilkat.io/xmlCreate # Here is the generated code for the above XML: set xml [new_CkXml] CkXml_put_Tag $xml "set" CkXml_UpdateChildContent $xml "sequence|sequence|oid" "1.3.6.1.4.1.311.20.2" CkXml_UpdateChildContent $xml "sequence|sequence|asnOctets|printable" "ZATCA-Code-Signing" CkXml_UpdateChildContent $xml "sequence|sequence[1]|oid" "2.5.29.17" CkXml_UpdateAttrAt $xml "sequence|sequence[1]|asnOctets|sequence|contextSpecific" 1 "tag" "4" CkXml_UpdateAttrAt $xml "sequence|sequence[1]|asnOctets|sequence|contextSpecific" 1 "constructed" "1" CkXml_UpdateChildContent $xml "sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set|sequence|oid" "2.5.4.4" CkXml_UpdateChildContent $xml "sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set|sequence|utf8" "1-ASC|2-V01|3-1234567890" CkXml_UpdateChildContent $xml "sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[1]|sequence|oid" "0.9.2342.19200300.100.1.1" CkXml_UpdateChildContent $xml "sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[1]|sequence|utf8" "312345678900003" CkXml_UpdateChildContent $xml "sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[2]|sequence|oid" "2.5.4.12" CkXml_UpdateChildContent $xml "sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[2]|sequence|utf8" "1100" CkXml_UpdateChildContent $xml "sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[3]|sequence|oid" "2.5.4.26" CkXml_UpdateChildContent $xml "sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[3]|sequence|utf8" "Dammam" CkXml_UpdateChildContent $xml "sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[4]|sequence|oid" "2.5.4.15" CkXml_UpdateChildContent $xml "sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[4]|sequence|utf8" "IT" # We'll need a new secp256k1 private key, so let's generate it. set ecdsa [new_CkEcc] set prng [new_CkPrng] # privKey is a CkPrivateKey set privKey [CkEcc_GenEccKey $ecdsa "secp256k1" $prng] if {[CkEcc_get_LastMethodSuccess $ecdsa] == 0} then { puts [CkEcc_lastErrorText $ecdsa] delete_CkStringBuilder $sbCsr delete_CkCsr $csr0 delete_CkXml $xml0 delete_CkXml $xml delete_CkEcc $ecdsa delete_CkPrng $prng exit } puts "Generated secp256k1 private key." # Use a new CSR object to generate a CSR with the private key and extension request. set csr [new_CkCsr] # Add the [dn] fields # [ dn ] # CN =EXAMPLE-CORP # Common Name # C=SA # Country Code e.g SA # OU=HEAD-OFFICE # Organization Unit Name # O=ASC # Organization Name CkCsr_put_CommonName $csr "EXAMPLE-CORP" CkCsr_put_Country $csr "SA" CkCsr_put_CompanyDivision $csr "HEAD-OFFICE" CkCsr_put_Company $csr "ASC" # Add the extension request to the CSR CkCsr_SetExtensionRequest $csr $xml # Generate the CSR with the extension request set csrPem [CkCsr_genCsrPem $csr $privKey] if {[CkCsr_get_LastMethodSuccess $csr] == 0} then { puts [CkCsr_lastErrorText $csr] delete_CkPrivateKey $privKey delete_CkStringBuilder $sbCsr delete_CkCsr $csr0 delete_CkXml $xml0 delete_CkXml $xml delete_CkEcc $ecdsa delete_CkPrng $prng delete_CkCsr $csr exit } puts "$csrPem" delete_CkPrivateKey $privKey # Sample output: # -----BEGIN CERTIFICATE REQUEST----- # MIIBuDCCAV8CAQAwSDEVMBMGA1UEAwwMRVhBTVBMRS1DT1JQMQswCQYDVQQGEwJT # QTEUMBIGA1UECwwLSEVBRC1PRkZJQ0UxDDAKBgNVBAoMA0FTQzBWMBAGByqGSM49 # AgEGBSuBBAAKA0IABFI5rusr76HiJcMMr1r4L0B0BOAs6azLkt/RwHoT6A0xFRRt # tulWT40tNhx3qJ4I5ePNgMceOEtuK1kMGVTovI6ggbcwgbQGCSqGSIb3DQEJDjGB # pjCBozAhBgkrBgEEAYI3FAIEFBMSWkFUQ0EtQ29kZS1TaWduaW5nMH4GA1UdEQR3 # MHWkczBxMSEwHwYDVQQEDBgxLUFTQ3wyLVYwMXwzLTEyMzQ1Njc4OTAxHzAdBgoJ # kiaJk/IsZAEBDA8zMTIzNDU2Nzg5MDAwMDMxDTALBgNVBAwMBDExMDAxDzANBgNV # BBoMBkRhbW1hbTELMAkGA1UEDwwCSVQwCgYIKoZIzj0EAwIDRwAwRAIgJnbgpSGb # diB+0M1VTqc1GU9sFsfnOvVN/8WhWRRxQIwCIF5eH9vgMgXyoU284X8Bx3dqOJ4q # xashGWci87POxSvT # -----END CERTIFICATE REQUEST----- delete_CkStringBuilder $sbCsr delete_CkCsr $csr0 delete_CkXml $xml0 delete_CkXml $xml delete_CkEcc $ecdsa delete_CkPrng $prng delete_CkCsr $csr |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.