Sample code for 30+ languages & platforms
Unicode C

Duplicate CSR Created by OpenSSL with Config.cnf

See more CSR Examples

Demonstrates how to duplicate a CSR created by the following commands:
# Generate Private Key
openssl ecparam -name secp256k1 -genkey -noout -out PrivateKey.pem

#Generate CSR
openssl req -new -sha256 -key PrivateKey.pem -extensions v3_req -config Config.cnf -out CSR.csr

Chilkat Unicode C Downloads

Unicode C
#include <C_CkStringBuilderW.h>
#include <C_CkCsrW.h>
#include <C_CkXmlW.h>
#include <C_CkEccW.h>
#include <C_CkPrngW.h>
#include <C_CkPrivateKeyW.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkStringBuilderW sbCsr;
    HCkCsrW csr0;
    HCkXmlW xml0;
    HCkXmlW xml;
    HCkEccW ecdsa;
    HCkPrngW prng;
    HCkPrivateKeyW privKey;
    HCkCsrW csr;
    const wchar_t *csrPem;

    success = FALSE;

    // This example assumes the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // This example duplicates the CSR created by OpenSSL with the following config file:

    // oid_section = OIDs
    // [ OIDs ]
    // certificateTemplateName= 1.3.6.1.4.1.311.20.2
    // 
    // [ req ]
    // default_bits 	= 2048
    // emailAddress 	= it@example.sa
    // req_extensions	= v3_req
    // x509_extensions 	= v3_ca
    // prompt = no
    // default_md = sha256
    // req_extensions = req_ext
    // distinguished_name = dn
    // 
    // [ v3_req ]
    // basicConstraints = CA:FALSE
    // keyUsage = digitalSignature, nonRepudiation, keyEncipherment
    // 
    // [req_ext]
    // certificateTemplateName = ASN1:PRINTABLESTRING:ZATCA-Code-Signing
    // subjectAltName = dirName:alt_names
    // 
    // [ dn ]
    // CN =EXAMPLE-CORP  				# Common Name
    // C=SA									# Country Code e.g SA
    // OU=HEAD-OFFICE							# Organization Unit Name
    // O=ASC									# Organization Name
    // 
    // [alt_names]
    // SN=1-ASC|2-V01|3-1234567890				# EGS Serial Number 1-ABC|2-PQR|3-XYZ
    // UID=312345678900003						# Organization Identifier (VAT Number)
    // title=1100								# Invoice Type
    // registeredAddress=Dammam  	 			# Address
    // businessCategory=IT						# Business Category

    // The OpenSSL commands we are duplicating:

    // openssl ecparam -name secp256k1 -genkey -noout -out PrivateKey.pem
    // openssl req -new -sha256 -key PrivateKey.pem -extensions v3_req -config Config.cnf -out CSR.csr

    // The 1st step is to actually use OpenSSL to generate a sample CSR.csr that we wish to duplicate.
    // With the sample CSR.csr, we get the ExtensionRequest as XML.  
    // For example:

    sbCsr = CkStringBuilderW_Create();
    success = CkStringBuilderW_LoadFile(sbCsr,L"qa_data/csr/openssl_cnf/CSR.csr",L"utf-8");
    if (success == FALSE) {
        wprintf(L"Failed to load CSR.csr\n");
        CkStringBuilderW_Dispose(sbCsr);
        return;
    }

    csr0 = CkCsrW_Create();
    success = CkCsrW_LoadCsrPem(csr0,CkStringBuilderW_getAsString(sbCsr));
    if (success == FALSE) {
        wprintf(L"%s\n",CkCsrW_lastErrorText(csr0));
        CkStringBuilderW_Dispose(sbCsr);
        CkCsrW_Dispose(csr0);
        return;
    }

    xml0 = CkXmlW_Create();
    success = CkCsrW_GetExtensionRequest(csr0,xml0);
    if (success == FALSE) {
        wprintf(L"%s\n",CkCsrW_lastErrorText(csr0));
        CkStringBuilderW_Dispose(sbCsr);
        CkCsrW_Dispose(csr0);
        CkXmlW_Dispose(xml0);
        return;
    }

    // Let's examine the extension request..
    wprintf(L"%s\n",CkXmlW_getXml(xml0));

    // <?xml version="1.0" encoding="utf-8"?>
    // <set>
    //     <sequence>
    //         <sequence>
    //             <oid>1.3.6.1.4.1.311.20.2</oid>
    //             <asnOctets>
    //                 <printable>ZATCA-Code-Signing</printable>
    //             </asnOctets>
    //         </sequence>
    //         <sequence>
    //             <oid>2.5.29.17</oid>
    //             <asnOctets>
    //                 <sequence>
    //                     <contextSpecific tag="4" constructed="1">
    //                         <sequence>
    //                             <set>
    //                                 <sequence>
    //                                     <oid>2.5.4.4</oid>
    //                                     <utf8>1-ASC|2-V01|3-1234567890</utf8>
    //                                 </sequence>
    //                             </set>
    //                             <set>
    //                                 <sequence>
    //                                     <oid>0.9.2342.19200300.100.1.1</oid>
    //                                     <utf8>312345678900003</utf8>
    //                                 </sequence>
    //                             </set>
    //                             <set>
    //                                 <sequence>
    //                                     <oid>2.5.4.12</oid>
    //                                     <utf8>1100</utf8>
    //                                 </sequence>
    //                             </set>
    //                             <set>
    //                                 <sequence>
    //                                     <oid>2.5.4.26</oid>
    //                                     <utf8>Dammam</utf8>
    //                                 </sequence>
    //                             </set>
    //                             <set>
    //                                 <sequence>
    //                                     <oid>2.5.4.15</oid>
    //                                     <utf8>IT</utf8>
    //                                 </sequence>
    //                             </set>
    //                         </sequence>
    //                     </contextSpecific>
    //                 </sequence>
    //             </asnOctets>
    //         </sequence>
    //     </sequence>
    // </set>

    // If you wish to generate the above XML without going through the above steps, copy the XML into
    // the online tool at https://tools.chilkat.io/xmlCreate

    // Here is the generated code for the above XML:

    xml = CkXmlW_Create();
    CkXmlW_putTag(xml,L"set");
    CkXmlW_UpdateChildContent(xml,L"sequence|sequence|oid",L"1.3.6.1.4.1.311.20.2");
    CkXmlW_UpdateChildContent(xml,L"sequence|sequence|asnOctets|printable",L"ZATCA-Code-Signing");
    CkXmlW_UpdateChildContent(xml,L"sequence|sequence[1]|oid",L"2.5.29.17");
    CkXmlW_UpdateAttrAt(xml,L"sequence|sequence[1]|asnOctets|sequence|contextSpecific",TRUE,L"tag",L"4");
    CkXmlW_UpdateAttrAt(xml,L"sequence|sequence[1]|asnOctets|sequence|contextSpecific",TRUE,L"constructed",L"1");
    CkXmlW_UpdateChildContent(xml,L"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set|sequence|oid",L"2.5.4.4");
    CkXmlW_UpdateChildContent(xml,L"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set|sequence|utf8",L"1-ASC|2-V01|3-1234567890");
    CkXmlW_UpdateChildContent(xml,L"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[1]|sequence|oid",L"0.9.2342.19200300.100.1.1");
    CkXmlW_UpdateChildContent(xml,L"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[1]|sequence|utf8",L"312345678900003");
    CkXmlW_UpdateChildContent(xml,L"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[2]|sequence|oid",L"2.5.4.12");
    CkXmlW_UpdateChildContent(xml,L"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[2]|sequence|utf8",L"1100");
    CkXmlW_UpdateChildContent(xml,L"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[3]|sequence|oid",L"2.5.4.26");
    CkXmlW_UpdateChildContent(xml,L"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[3]|sequence|utf8",L"Dammam");
    CkXmlW_UpdateChildContent(xml,L"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[4]|sequence|oid",L"2.5.4.15");
    CkXmlW_UpdateChildContent(xml,L"sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[4]|sequence|utf8",L"IT");

    // We'll need a new secp256k1 private key, so let's generate it.
    ecdsa = CkEccW_Create();
    prng = CkPrngW_Create();
    privKey = CkPrivateKeyW_Create();
    success = CkEccW_GenKey(ecdsa,L"secp256k1",prng,privKey);
    if (success == FALSE) {
        wprintf(L"%s\n",CkEccW_lastErrorText(ecdsa));
        CkStringBuilderW_Dispose(sbCsr);
        CkCsrW_Dispose(csr0);
        CkXmlW_Dispose(xml0);
        CkXmlW_Dispose(xml);
        CkEccW_Dispose(ecdsa);
        CkPrngW_Dispose(prng);
        CkPrivateKeyW_Dispose(privKey);
        return;
    }

    wprintf(L"Generated secp256k1 private key.\n");

    // Use a new CSR object to generate a CSR with the private key and extension request.
    csr = CkCsrW_Create();

    // Add the [dn] fields
    //  [ dn ]
    //  CN =EXAMPLE-CORP  				# Common Name
    //  C=SA									# Country Code e.g SA
    //  OU=HEAD-OFFICE							# Organization Unit Name
    //  O=ASC									# Organization Name
    CkCsrW_putCommonName(csr,L"EXAMPLE-CORP");
    CkCsrW_putCountry(csr,L"SA");
    CkCsrW_putCompanyDivision(csr,L"HEAD-OFFICE");
    CkCsrW_putCompany(csr,L"ASC");

    // Add the extension request to the CSR
    CkCsrW_SetExtensionRequest(csr,xml);

    // Generate the CSR with the extension request
    csrPem = CkCsrW_genCsrPem(csr,privKey);
    if (CkCsrW_getLastMethodSuccess(csr) == FALSE) {
        wprintf(L"%s\n",CkCsrW_lastErrorText(csr));
        CkStringBuilderW_Dispose(sbCsr);
        CkCsrW_Dispose(csr0);
        CkXmlW_Dispose(xml0);
        CkXmlW_Dispose(xml);
        CkEccW_Dispose(ecdsa);
        CkPrngW_Dispose(prng);
        CkPrivateKeyW_Dispose(privKey);
        CkCsrW_Dispose(csr);
        return;
    }

    wprintf(L"%s\n",csrPem);

    // Sample output:

    // -----BEGIN CERTIFICATE REQUEST-----
    // MIIBuDCCAV8CAQAwSDEVMBMGA1UEAwwMRVhBTVBMRS1DT1JQMQswCQYDVQQGEwJT
    // QTEUMBIGA1UECwwLSEVBRC1PRkZJQ0UxDDAKBgNVBAoMA0FTQzBWMBAGByqGSM49
    // AgEGBSuBBAAKA0IABFI5rusr76HiJcMMr1r4L0B0BOAs6azLkt/RwHoT6A0xFRRt
    // tulWT40tNhx3qJ4I5ePNgMceOEtuK1kMGVTovI6ggbcwgbQGCSqGSIb3DQEJDjGB
    // pjCBozAhBgkrBgEEAYI3FAIEFBMSWkFUQ0EtQ29kZS1TaWduaW5nMH4GA1UdEQR3
    // MHWkczBxMSEwHwYDVQQEDBgxLUFTQ3wyLVYwMXwzLTEyMzQ1Njc4OTAxHzAdBgoJ
    // kiaJk/IsZAEBDA8zMTIzNDU2Nzg5MDAwMDMxDTALBgNVBAwMBDExMDAxDzANBgNV
    // BBoMBkRhbW1hbTELMAkGA1UEDwwCSVQwCgYIKoZIzj0EAwIDRwAwRAIgJnbgpSGb
    // diB+0M1VTqc1GU9sFsfnOvVN/8WhWRRxQIwCIF5eH9vgMgXyoU284X8Bx3dqOJ4q
    // xashGWci87POxSvT
    // -----END CERTIFICATE REQUEST-----


    CkStringBuilderW_Dispose(sbCsr);
    CkCsrW_Dispose(csr0);
    CkXmlW_Dispose(xml0);
    CkXmlW_Dispose(xml);
    CkEccW_Dispose(ecdsa);
    CkPrngW_Dispose(prng);
    CkPrivateKeyW_Dispose(privKey);
    CkCsrW_Dispose(csr);

    }