AppendCertificateRequest (Stringlist function): Difference between revisions
| m →See also:   typos | m →See also:   add links | ||
| Line 178: | Line 178: | ||
| <li><var>[[CheckCertificateRequest (Stringlist function)|CheckCertificateRequest]]</var></li> | <li><var>[[CheckCertificateRequest (Stringlist function)|CheckCertificateRequest]]</var></li> | ||
| </ul> | </ul> | ||
| <p> | <p> | ||
| <var>String</var> methods:</p> | <var>String</var> methods:</p> | ||
| <ul> | <ul> | ||
| <li><var>[[CertificateRequest (String function)|CertificateRequest]]</var> </li> | |||
| <li><var>[[SignedCertificate (String function)|SignedCertificate]]</var> </li> | |||
| <li>[[Release notes for Sirius Mods V8.0#DER2Xml|DER-to-XmlDoc methods]]</li> | <li>[[Release notes for Sirius Mods V8.0#DER2Xml|DER-to-XmlDoc methods]]</li> | ||
| </ul> | </ul> | ||
| <p> | <p> | ||
| <var>System</var> methods: </p> | <var>System</var> methods: </p> | ||
Revision as of 18:59, 14 March 2016
Add certificate request to a Stringlist (Stringlist class)
[Requires Janus Network Security]
This callable method generates an SSL client certificate request from a given private key, and it adds the certificate request lines to the end of a Stringlist.
Syntax
[%rc =] sl:AppendCertificateRequest( [PrivateKey=] string, - [[Country=] string], [[State=] string], - [[City=] string], - [[Organization=] string], - [[OrganizationalUnit=] string], - [[CommonName=] string], - [SignatureAlgorithm= digestAlgorithm])
Syntax terms
| %rc | An, optional, numeric variable that is set to zero if the function is a success. The possible return codes are described below in Return codes. | 
|---|---|
| sl | A Stringlist object to contain the generated request. | 
| PrivateKey | This name allowed parameter is a Stringlist object that contains an RSA-generated private key. This value must be less than or equal to 2048 bits. | 
| Country | This name allowed, optional, string argument inserts a country value into the generated certificate request. | 
| State | This name allowed, optional, string argument inserts a state/province value into the generated certificate request. | 
| City | This name allowed, optional, string argument inserts a locality value into the generated certificate request. | 
| Organization | This name allowed, optional, string argument inserts an organization value into the generated certificate request. | 
| OrganizationalUnit | This name allowed, optional, string argument inserts an organization unit (OU) value into the generated certificate request. | 
| CommonName | This name allowed, optional, string argument inserts a common-name (CN) value into the generated certificate request. | 
| SignatureAlgorithm | This optional, name required, argument is a DigestAlgorithm enumeration value.  Valid options are: MD5, SHA1, SHA256. Note: Although supported and currently the default, most modern browsers are deprecating SHA1. | 
Return codes
| 0 | All is well. | 
|---|---|
| 3 | Out of CCATEMP. | 
| 5 | Stringlist identifier missing. | 
| 6 | Invalid Stringlist identifier. | 
| 7 | Insufficient storage. | 
| 10 | Private key Stringlist identifier missing. | 
| 11 | Invalid private key Stringlist identifier. | 
| 12 | Invalid private key. | 
| 13 | Challenge data mismatch. | 
| 14 | Bad private key/challenge signature. | 
Examples
In the following example, the certificate request that is generated from a private key by AppendCertificateRequest is displayed in base64, then checked by CheckCertificateRequest, then converted to string by PemToString and loaded to an XmlDoc by DerToXmlDoc:
b %sl is object stringlist %pk is object stringlist %rc is float %ls is longstring %sl = new text to %pk raw -----BEGIN RSA PRIVATE KEY----- MIICWgIBAAKBgQC1HvRz+5Jcv+jalOL1hmdm/wFEtk/3kSsdhZHWO5BklzecIQR2 40wBkUgBusYubiTZBFmfb6Woqiagmn8UBiG8fdrQ5+ac1+nhyy4Reuqv3dWLxDVT LGWosw0VEZaO0bZmlTat3bemp8GZId12WKOwr/jMlIaiGIYE2I/8RR4ILwIBAwKB gB4v02ip7bof/CRuJdOWZpEqgDYeYqlC3ITrmE5fQrtuiUSwK2kl4gBC4VWfIQe9 BiQrZEU9RkbHBnAZv9irsEnMX1ZgYdntsW5xHe7K1wowBRUrQgAD5SPYRc5b0JEX PTPL+aJzNaSQNQ/KW3O+QZVN5p3Co2TqjwDzcutQsSkfAkEA+pYxMH2wTCcmabe3 p76qjE2SERSf7nk2yTqw29w1hSYqsj7By51vLWFH/35rMBiqAC5yTgmQjlJIIXw6 kz4ASwJBALkImXUd0PmaJLrCwRIhyDFpeq+UsyaNmtgvjg7W8sEhBRseHV7YXBkh 8mQ6VLMBhtxip7aotArZtwJiPc25ES0CQQCnDst1qSAyxMRGenpv1HGy3mFguGqe +3nbfHXn6COuGXHMKdaHvkoeQNqqVEd1ZcaqyaGJW7W0NtrA/XxiKVWHAkB7WxD4 votREW3R1ytha9rLm6cfuHdvCRHldQlfOfcra1i8vr4/OugQwUxC0Y3Mq689lxp5 xc1ckSSsQX6JJgtzAkAPAzNsxdsNaAES3L5yqkbux8W2Y2YdjjxZMl1sdPqn9rXN A8fe68sT76U9rhuJemue1h9jxgq6fscFqZkbNRll -----END RSA PRIVATE KEY----- end text %rc = %sl:appendCertificaterequest(%pk, country='USA') print 'return code is ' %rc %sl:print %rc = %sl:CheckCertificateRequest(PrivateKey=%pk) print 'checkcert return code is ' %rc %ls = %sl:pemtostring('NEW CERTIFICATE REQUEST') %ls:derToXmlDoc:print end
The result is something like:
return code is 0 -----BEGIN NEW CERTIFICATE REQUEST----- MIIBPTCBpwIBADAAMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC1HvRz+5Jc v+jalOL1hmdm/wFEtk/3kSsdhZHWO5BklzecIQR240wBkUgBusYubiTZBFmfb6Wo qiagmn8UBiG8fdrQ5+ac1+nhyy4Reuqv3dWLxDVTLGWosw0VEZaO0bZmlTat3bem p8GZId12WKOwr/jMlIaiGIYE2I/8RR4ILwIBA6AAMA0GCSqGSIb3DQEBBAUAA4GB ADWssWlvaA55XIg0VezigMSpIumTtRUUGHSA3H3l8f7bo3FLPyWg1dr2MSwJKW09 OmEAPGfQgmxN+LTEkzkjHGkevU0Mlj5MvtnF3ltdVbbJHSY+KW+DrdeRjU/5AiMj e/43fYThb2ea4JySezVY7AUSls5+4C1yx0V3X1s677lI -----END NEW CERTIFICATE REQUEST----- checkcert return code is 0 <Sequence> <Sequence> <Integer>0</Integer> <Sequence/> <Set> <Sequence> <ObjectIdentifier>2.5.4.6</ObjectIdentifier> <PrintableString>USA</PrintableString> </Sequence> </Set> <Sequence> <Sequence> <ObjectIdentifier>1.2.840.113549.1.1.1</ObjectIdentifier> <Null/> </Sequence> <BitString bits="1104"> 30818702818100B51EF473 ... 62E6E24D904599F6- FA5A8AA26A09A7F1 ... A3B0AFF8CC9486A2- 188604D88FFC451E082F020103 </BitString> </Sequence> <ContextSpecific tag="0"/> </Sequence> <Sequence> <ObjectIdentifier>1.2.840.113549.1.1.4</ObjectIdentifier> <Null/> </Sequence> <BitString bits="1024"> 35ACB1696F680E79 ... C4DF8B4C49339231- C691EBD4D0C963E4 ... 45775F5B3AEFB948 </BitString> </Sequence>
See also
Stringlist methods:
- AppendCertificateInfo
- AppendCertificateRequestInfo
- AppendClientCertificateRequest
- AppendEncryptedSecurityData
- AppendGeneratedPrivateKey
- AppendPrivateKeyInfo
- AppendSignedCertificate
- AppendSignedClientCertificate
- CheckCertificate
- CheckCertificateRequest
String methods:
System methods: