AppendCertificateRequest (Stringlist function): Difference between revisions

From m204wiki
Jump to navigation Jump to search
Line 49: Line 49:
<tr><th>14</th><td>Bad private key/challenge signature.</td></tr>
<tr><th>14</th><td>Bad private key/challenge signature.</td></tr>
</table>
</table>
==Usage notes==
<ul>
<li>To review the contents of the generated request, you can use <var>[[DerToXmlDoc (String function)|DerToXmlDoc]]</var>.
</ul>


==Examples==
==Examples==

Revision as of 19:55, 25 May 2012

Add certificate request to a Stringlist (Stringlist class)

[Requires Janus Network Security]


This callable method generates an SSL client certificate request from a given private key, and it adds the certificate request lines to the end of a Stringlist.

Syntax

[%rc =] sl:AppendCertificateRequest( [PrivateKey=] string, - [[Country=] string], [[State=] string], - [[City=] string], - [[Organization=] string], - [[OrganizationalUnit=] string], - [[CommonName=] string], - [SignatureAlgorithm= digestAlgorithm])

Syntax terms

%rc An, optional, numeric variable that is set to zero if the function is a success. The possible return codes are described below in "Return codes".
sl A Stringlist object to contain the generated request.
PrivateKey This name allowed parameter is a Stringlist object that contains an RSA-generated private key. This value must be less than or equal to 2048 bits.
Country This name allowed, optional, string argument inserts a country value into the generated certificate request.
State This name allowed, optional, string argument inserts a state/province value into the generated certificate request.
City This name allowed, optional, string argument inserts a locality value into the generated certificate request.
Organization This name allowed, optional, string argument inserts an organization value into the generated certificate request.
OrganizationalUnit This name allowed, optional, string argument inserts an organization unit (OU) value into the generated certificate request.
CommonName This name allowed, optional, string argument inserts a common-name (CN) value into the generated certificate request.

Return codes

0All is well.
3Out of CCATEMP.
5Stringlist identifier missing.
6Invalid Stringlist identifier.
7Insufficient storage.
10Private key Stringlist identifier missing.
11Invalid private key Stringlist identifier.
12Invalid private key.
13Challenge data mismatch.
14Bad private key/challenge signature.

Examples

In the following example, the certificate request that is generated from a private key by AppendCertificateRequest is displayed in base64, then checked by CheckCertificateRequest, then converted to string by PemToString and loaded to an XmlDoc by DerToXmlDoc:

b %sl is object stringlist %pk is object stringlist %rc is float %ls is longstring %sl = new text to %pk raw -----BEGIN RSA PRIVATE KEY----- MIICWgIBAAKBgQC1HvRz+5Jcv+jalOL1hmdm/wFEtk/3kSsdhZHWO5BklzecIQR2 40wBkUgBusYubiTZBFmfb6Woqiagmn8UBiG8fdrQ5+ac1+nhyy4Reuqv3dWLxDVT LGWosw0VEZaO0bZmlTat3bemp8GZId12WKOwr/jMlIaiGIYE2I/8RR4ILwIBAwKB gB4v02ip7bof/CRuJdOWZpEqgDYeYqlC3ITrmE5fQrtuiUSwK2kl4gBC4VWfIQe9 BiQrZEU9RkbHBnAZv9irsEnMX1ZgYdntsW5xHe7K1wowBRUrQgAD5SPYRc5b0JEX PTPL+aJzNaSQNQ/KW3O+QZVN5p3Co2TqjwDzcutQsSkfAkEA+pYxMH2wTCcmabe3 p76qjE2SERSf7nk2yTqw29w1hSYqsj7By51vLWFH/35rMBiqAC5yTgmQjlJIIXw6 kz4ASwJBALkImXUd0PmaJLrCwRIhyDFpeq+UsyaNmtgvjg7W8sEhBRseHV7YXBkh 8mQ6VLMBhtxip7aotArZtwJiPc25ES0CQQCnDst1qSAyxMRGenpv1HGy3mFguGqe +3nbfHXn6COuGXHMKdaHvkoeQNqqVEd1ZcaqyaGJW7W0NtrA/XxiKVWHAkB7WxD4 votREW3R1ytha9rLm6cfuHdvCRHldQlfOfcra1i8vr4/OugQwUxC0Y3Mq689lxp5 xc1ckSSsQX6JJgtzAkAPAzNsxdsNaAES3L5yqkbux8W2Y2YdjjxZMl1sdPqn9rXN A8fe68sT76U9rhuJemue1h9jxgq6fscFqZkbNRll -----END RSA PRIVATE KEY----- end text %rc = %sl:appendCertificaterequest(%pk, country='USA') print 'return code is ' %rc %sl:print %rc = %sl:CheckCertificateRequest(PrivateKey=%pk) print 'checkcert return code is ' %rc %ls = %sl:pemtostring('NEW CERTIFICATE REQUEST') %ls:derToXmlDoc:print end

The result is something like:

return code is 0 -----BEGIN NEW CERTIFICATE REQUEST----- MIIBPTCBpwIBADAAMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC1HvRz+5Jc v+jalOL1hmdm/wFEtk/3kSsdhZHWO5BklzecIQR240wBkUgBusYubiTZBFmfb6Wo qiagmn8UBiG8fdrQ5+ac1+nhyy4Reuqv3dWLxDVTLGWosw0VEZaO0bZmlTat3bem p8GZId12WKOwr/jMlIaiGIYE2I/8RR4ILwIBA6AAMA0GCSqGSIb3DQEBBAUAA4GB ADWssWlvaA55XIg0VezigMSpIumTtRUUGHSA3H3l8f7bo3FLPyWg1dr2MSwJKW09 OmEAPGfQgmxN+LTEkzkjHGkevU0Mlj5MvtnF3ltdVbbJHSY+KW+DrdeRjU/5AiMj e/43fYThb2ea4JySezVY7AUSls5+4C1yx0V3X1s677lI -----END NEW CERTIFICATE REQUEST----- checkcert return code is 0 <Sequence> <Sequence> <Integer>0</Integer> <Sequence/> <Set> <Sequence> <ObjectIdentifier>2.5.4.6</ObjectIdentifier> <PrintableString>USA</PrintableString> </Sequence> </Set> <Sequence> <Sequence> <ObjectIdentifier>1.2.840.113549.1.1.1</ObjectIdentifier> <Null/> </Sequence> <BitString bits="1104"> 30818702818100B51EF473 ... 62E6E24D904599F6- FA5A8AA26A09A7F1 ... A3B0AFF8CC9486A2- 188604D88FFC451E082F020103 </BitString> </Sequence> <ContextSpecific tag="0"/> </Sequence> <Sequence> <ObjectIdentifier>1.2.840.113549.1.1.4</ObjectIdentifier> <Null/> </Sequence> <BitString bits="1024"> 35ACB1696F680E79 ... C4DF8B4C49339231- C691EBD4D0C963E4 ... 45775F5B3AEFB948 </BitString> </Sequence>

See also