Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Unicode C) Renew a DigiCert Certificate from an EST-enabled profileDemonstrates how to renew a certificate from an EST-enabled profile in DigiCert® Trust Lifecycle Manager. (The certificate must be within the renewal window configured in the certificate profile. The CSR must have same Subject DN values as the original certificate.)
#include <C_CkPrngW.h> #include <C_CkEccW.h> #include <C_CkPrivateKeyW.h> #include <C_CkCsrW.h> #include <C_CkBinDataW.h> #include <C_CkHttpW.h> #include <C_CkCertW.h> #include <C_CkHttpResponseW.h> void ChilkatSample(void) { HCkPrngW fortuna; const wchar_t *entropy; BOOL success; HCkEccW ec; HCkPrivateKeyW privKey; HCkCsrW csr; HCkBinDataW bdCsr; HCkHttpW http; HCkCertW tlsClientCert; HCkBinDataW bdTlsClientCertPrivKey; HCkPrivateKeyW tlsClientCertPrivKey; HCkHttpResponseW resp; HCkCertW myNewCert; // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // The example below duplicates the following OpenSSL commands: // // # Name of certificate as argument 1 // // # Make new key // openssl ecparam -name prime256v1 -genkey -noout -out ${1}.key.pem // // # Make csr // openssl req -new -sha256 -key ${1}.key.pem -out ${1}.p10.csr -subj "/CN=${1}" // // # Request new cert // curl -v --cacert data/ca.pem --cert data/${1}.pem --key data/${1}.key.pem // --data-binary @${1}.p10.csr -o ${1}.p7.b64 -H "Content-Type: application/pkcs10" https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll // // # Convert to PEM // openssl base64 -d -in ${1}.p7.b64 | openssl pkcs7 -inform DER -outform PEM -print_certs -out ${1}.pem // ------------------------------------------------------------------------------------------------------------------ // Create a Fortuna PRNG and seed it with system entropy. // This will be our source of random data for generating the ECC private key. fortuna = CkPrngW_Create(); entropy = CkPrngW_getEntropy(fortuna,32,L"base64"); success = CkPrngW_AddEntropy(fortuna,entropy,L"base64"); ec = CkEccW_Create(); // Generate a random EC private key on the prime256v1 curve. privKey = CkEccW_GenEccKey(ec,L"prime256v1",fortuna); if (CkEccW_getLastMethodSuccess(ec) != TRUE) { wprintf(L"%s\n",CkEccW_lastErrorText(ec)); CkPrngW_Dispose(fortuna); CkEccW_Dispose(ec); return; } // Create the CSR object and set properties. csr = CkCsrW_Create(); // Specify your CN CkCsrW_putCommonName(csr,L"mysubdomain.mydomain.com"); // Create the CSR using the private key. bdCsr = CkBinDataW_Create(); success = CkCsrW_GenCsrBd(csr,privKey,bdCsr); if (success == FALSE) { wprintf(L"%s\n",CkCsrW_lastErrorText(csr)); CkPrivateKeyW_Dispose(privKey); CkPrngW_Dispose(fortuna); CkEccW_Dispose(ec); CkCsrW_Dispose(csr); CkBinDataW_Dispose(bdCsr); return; } // Save the private key and CSR to files. CkPrivateKeyW_SavePkcs8EncryptedPemFile(privKey,L"password",L"c:/temp/qa_output/ec_privkey.pem"); CkPrivateKeyW_Dispose(privKey); CkBinDataW_WriteFile(bdCsr,L"c:/temp/qa_output/csr.pem"); // ---------------------------------------------------------------------- // Now do the CURL request to POST the CSR and get the new certificate. http = CkHttpW_Create(); tlsClientCert = CkCertW_Create(); success = CkCertW_LoadFromFile(tlsClientCert,L"data/myTlsClientCert.pem"); if (success == FALSE) { wprintf(L"%s\n",CkCertW_lastErrorText(tlsClientCert)); CkPrngW_Dispose(fortuna); CkEccW_Dispose(ec); CkCsrW_Dispose(csr); CkBinDataW_Dispose(bdCsr); CkHttpW_Dispose(http); CkCertW_Dispose(tlsClientCert); return; } bdTlsClientCertPrivKey = CkBinDataW_Create(); success = CkBinDataW_LoadFile(bdTlsClientCertPrivKey,L"data/myTlsClientCert.key.pem"); if (success == FALSE) { wprintf(L"Failed to load data/myTlsClientCert.key.pem\n"); CkPrngW_Dispose(fortuna); CkEccW_Dispose(ec); CkCsrW_Dispose(csr); CkBinDataW_Dispose(bdCsr); CkHttpW_Dispose(http); CkCertW_Dispose(tlsClientCert); CkBinDataW_Dispose(bdTlsClientCertPrivKey); return; } tlsClientCertPrivKey = CkPrivateKeyW_Create(); success = CkPrivateKeyW_LoadAnyFormat(tlsClientCertPrivKey,bdTlsClientCertPrivKey,L""); if (success == FALSE) { wprintf(L"%s\n",CkPrivateKeyW_lastErrorText(tlsClientCertPrivKey)); CkPrngW_Dispose(fortuna); CkEccW_Dispose(ec); CkCsrW_Dispose(csr); CkBinDataW_Dispose(bdCsr); CkHttpW_Dispose(http); CkCertW_Dispose(tlsClientCert); CkBinDataW_Dispose(bdTlsClientCertPrivKey); CkPrivateKeyW_Dispose(tlsClientCertPrivKey); return; } success = CkCertW_SetPrivateKey(tlsClientCert,tlsClientCertPrivKey); if (success == FALSE) { wprintf(L"%s\n",CkCertW_lastErrorText(tlsClientCert)); CkPrngW_Dispose(fortuna); CkEccW_Dispose(ec); CkCsrW_Dispose(csr); CkBinDataW_Dispose(bdCsr); CkHttpW_Dispose(http); CkCertW_Dispose(tlsClientCert); CkBinDataW_Dispose(bdTlsClientCertPrivKey); CkPrivateKeyW_Dispose(tlsClientCertPrivKey); return; } CkHttpW_SetSslClientCert(http,tlsClientCert); CkHttpW_putRequireSslCertVerify(http,TRUE); // The body of the HTTP request contains the binary CSR. resp = CkHttpW_PBinaryBd(http,L"POST",L"https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll",bdCsr,L"application/pkcs10",FALSE,FALSE); if (CkHttpW_getLastMethodSuccess(http) == FALSE) { wprintf(L"%s\n",CkHttpW_lastErrorText(http)); CkPrngW_Dispose(fortuna); CkEccW_Dispose(ec); CkCsrW_Dispose(csr); CkBinDataW_Dispose(bdCsr); CkHttpW_Dispose(http); CkCertW_Dispose(tlsClientCert); CkBinDataW_Dispose(bdTlsClientCertPrivKey); CkPrivateKeyW_Dispose(tlsClientCertPrivKey); return; } if (CkHttpResponseW_getStatusCode(resp) != 200) { wprintf(L"response status code = %d\n",CkHttpResponseW_getStatusCode(resp)); wprintf(L"%s\n",CkHttpResponseW_bodyStr(resp)); wprintf(L"Failed\n"); CkHttpResponseW_Dispose(resp); CkPrngW_Dispose(fortuna); CkEccW_Dispose(ec); CkCsrW_Dispose(csr); CkBinDataW_Dispose(bdCsr); CkHttpW_Dispose(http); CkCertW_Dispose(tlsClientCert); CkBinDataW_Dispose(bdTlsClientCertPrivKey); CkPrivateKeyW_Dispose(tlsClientCertPrivKey); return; } // The response is the Base64 DER of the new certificate. myNewCert = CkCertW_Create(); success = CkCertW_LoadFromBase64(myNewCert,CkHttpResponseW_bodyStr(resp)); if (success == FALSE) { wprintf(L"%s\n",CkCertW_lastErrorText(myNewCert)); wprintf(L"Cert data = %s\n",CkHttpResponseW_bodyStr(resp)); wprintf(L"Failed.\n"); CkHttpResponseW_Dispose(resp); CkPrngW_Dispose(fortuna); CkEccW_Dispose(ec); CkCsrW_Dispose(csr); CkBinDataW_Dispose(bdCsr); CkHttpW_Dispose(http); CkCertW_Dispose(tlsClientCert); CkBinDataW_Dispose(bdTlsClientCertPrivKey); CkPrivateKeyW_Dispose(tlsClientCertPrivKey); CkCertW_Dispose(myNewCert); return; } CkHttpResponseW_Dispose(resp); success = CkCertW_SaveToFile(myNewCert,L"c:/temp/qa_output/myNewCert.cer"); if (success == FALSE) { wprintf(L"%s\n",CkCertW_lastErrorText(myNewCert)); wprintf(L"Failed.\n"); CkPrngW_Dispose(fortuna); CkEccW_Dispose(ec); CkCsrW_Dispose(csr); CkBinDataW_Dispose(bdCsr); CkHttpW_Dispose(http); CkCertW_Dispose(tlsClientCert); CkBinDataW_Dispose(bdTlsClientCertPrivKey); CkPrivateKeyW_Dispose(tlsClientCertPrivKey); CkCertW_Dispose(myNewCert); return; } wprintf(L"Success.\n"); CkPrngW_Dispose(fortuna); CkEccW_Dispose(ec); CkCsrW_Dispose(csr); CkBinDataW_Dispose(bdCsr); CkHttpW_Dispose(http); CkCertW_Dispose(tlsClientCert); CkBinDataW_Dispose(bdTlsClientCertPrivKey); CkPrivateKeyW_Dispose(tlsClientCertPrivKey); CkCertW_Dispose(myNewCert); } |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.