AppendCertificateRequest (Stringlist function): Difference between revisions

From m204wiki
Jump to navigation Jump to search
mNo edit summary
m (→‎See also: add method to list)
 
(29 intermediate revisions by 6 users not shown)
Line 1: Line 1:
{{Template:Stringlist:AppendCertificateRequest subtitle}}
{{Template:Stringlist:AppendCertificateRequest subtitle}}
 
This [[Notation conventions for methods#Callable functions|callable]] method generates an SSL certificate request from a given private key, and it adds the certificate request lines to the end of a <var>Stringlist</var>.
This [[Notation conventions for methods#Callable functions|callable]] method generates an SSL client certificate request from a given private key, and it adds the certificate request lines to the end of a <var>Stringlist</var>.


==Syntax==
==Syntax==
Line 7: Line 6:


===Syntax terms===
===Syntax terms===
<table class="syntaxTable">
<table>
<tr><th>%rc</th>
<tr><th>%rc</th>
<td>An, optional, numeric variable that is set to zero if the function is a success. The possible return codes are described below in [[#Return codes|"Return codes"]]. </td></tr>
<td>An, optional, numeric variable that is set to zero if the function is a success. The possible return codes are described below in [[#Return codes|Return codes]]. </td></tr>


<tr><th>sl</th>
<tr><th>sl</th>
<td>A Stringlist object to contain the generated request.</td></tr>
<td>A <var>Stringlist</var> object to contain the generated request.</td></tr>


<tr><th><var>PrivateKey</var></th>
<tr><th><var>PrivateKey</var></th>
<td>This [[Notation conventions for methods#Named parameters|name allowed]] parameter is a <var>Stringlist</var> object that contains an RSA-generated private key. This value must be less than or equal to 2048 bits. </td></tr>
<td>This [[Notation conventions for methods#Named parameters|name allowed]] parameter is a string or <var>Stringlist</var> that contains an RSA-generated private key. This key must be greater than or equal to 512 and less than or equal to 4096 (as of version 7.7 of Model&nbsp;204). The pre-7.7 maximum is 2048 bits. </td></tr>


<tr><th><var>Country</var></th>
<tr><th><var>Country</var></th>
<td>string</td></tr>
<td>This name allowed, optional, string argument inserts a country value into the generated certificate request. </td></tr>


<tr><th><var>State</var></th>
<tr><th><var>State</var></th>
<td>string</td></tr>
<td>This name allowed, optional, string argument inserts a state/province value into the generated certificate request. </td></tr>


<tr><th><var>City</var></th>
<tr><th><var>City</var></th>
<td>string</td></tr>
<td>This name allowed, optional, string argument inserts a locality value into the generated certificate request. </td></tr>


<tr><th><var>Organization</var></th>
<tr><th><var>Organization</var></th>
<td>string</td></tr>
<td>This name allowed, optional, string argument inserts an organization value into the generated certificate request. </td></tr>


<tr><th><var>OrganizationalUnit</var></th>
<tr><th><var>OrganizationalUnit</var></th>
<td>string</td></tr>
<td>This name allowed, optional, string argument inserts an organization unit (OU) value into the generated certificate request. </td></tr>


<tr><th><var>CommonName</var></th>
<tr><th><var>CommonName</var></th>
<td>string</td></tr>
<td>This name allowed, optional, string argument inserts a common-name (CN) value into the generated certificate request.</td></tr>
 
<tr><th><var>SignatureAlgorithm</var></th>
<td>This optional, [[Notation conventions for methods#Named parameters|name required]], argument is a <var>[[DigestAlgorithm enumeration|DigestAlgorithm]]</var> enumeration value. Valid values are: <var>MD5</var>, <var>SHA1</var>, <var>SHA256</var>, <var>SHA384</var> (Model&nbsp;204 7.7 and later), and <var>SHA512</var> (Model&nbsp;204 7.7 and later).
<p class="note"><b>Note:</b> Although supported and currently the default, most modern browsers are deprecating <var>SHA1</var>.</p></td></tr>
</table>
</table>


===Return codes===
===Return codes===
<table>
<table class="thJustBold">
<tr><th>0</th><td>All is well.</td></tr>
<tr><th>0</th>
<tr><th>3</th><td>Out of CCATEMP.</td></tr>
<td>All is well.</td></tr>
<tr><th>5</th><td><var>Stringlist</var> identifier missing.</td></tr>
 
<tr><th>6</th><td>Invalid <var>Stringlist</var> identifier.</td></tr>
<tr><th>7</th>
<tr><th>7</th><td>Insufficient storage.</td></tr>
<td>Insufficient storage.</td></tr>
<tr><th>10</th><td>Private key <var>Stringlist</var> identifier missing.</td></tr>
 
<tr><th>11</th><td>Invalid private key <var>Stringlist</var> identifier.</td></tr>
<tr><th>10</th>
<tr><th>12</th><td>Invalid private key.</td></tr>
<td>Private key <var>Stringlist</var> identifier missing.</td></tr>
<tr><th>13</th><td>Challenge data mismatch.</td></tr>
 
<tr><th>14</th><td>Bad private key/challenge signature.</td></tr>
<tr><th>11</th>
<td>Invalid private key <var>Stringlist</var> identifier.</td></tr>
 
<tr><th>12</th>
<td>Invalid private key.</td></tr>
 
<tr><th>13</th>
<td>Challenge data mismatch.</td></tr>
 
<tr><th>14</th>
<td>Bad private key/challenge signature.</td></tr>
</table>
</table>


==Usage notes==
==Examples==
In the following example, the certificate request that is generated from a private key by <var>AppendCertificateRequest</var> is displayed in base64, then checked by <var>[[CheckCertificateRequest (Stringlist function)|CheckCertificateRequest]]</var>, then converted to string by <var>[[PemToString (Stringlist function)|PemToString]]</var> and loaded to an <var>XmlDoc</var> by <var>[[DerToXmlDoc (String function)|DerToXmlDoc]]</var>:
<p class="code">b
 
%sl  is object stringlist
%pk is object stringlist
%rc is float     
%ls is longstring 
%sl = new
 
text to %pk raw
&#45;----BEGIN RSA PRIVATE KEY-----                               
MIICWgIBAAKBgQC1HvRz+5Jcv+jalOL1hmdm/wFEtk/3kSsdhZHWO5BklzecIQR2
40wBkUgBusYubiTZBFmfb6Woqiagmn8UBiG8fdrQ5+ac1+nhyy4Reuqv3dWLxDVT
LGWosw0VEZaO0bZmlTat3bemp8GZId12WKOwr/jMlIaiGIYE2I/8RR4ILwIBAwKB
gB4v02ip7bof/CRuJdOWZpEqgDYeYqlC3ITrmE5fQrtuiUSwK2kl4gBC4VWfIQe9
BiQrZEU9RkbHBnAZv9irsEnMX1ZgYdntsW5xHe7K1wowBRUrQgAD5SPYRc5b0JEX
PTPL+aJzNaSQNQ/KW3O+QZVN5p3Co2TqjwDzcutQsSkfAkEA+pYxMH2wTCcmabe3
p76qjE2SERSf7nk2yTqw29w1hSYqsj7By51vLWFH/35rMBiqAC5yTgmQjlJIIXw6
kz4ASwJBALkImXUd0PmaJLrCwRIhyDFpeq+UsyaNmtgvjg7W8sEhBRseHV7YXBkh
8mQ6VLMBhtxip7aotArZtwJiPc25ES0CQQCnDst1qSAyxMRGenpv1HGy3mFguGqe
+3nbfHXn6COuGXHMKdaHvkoeQNqqVEd1ZcaqyaGJW7W0NtrA/XxiKVWHAkB7WxD4
votREW3R1ytha9rLm6cfuHdvCRHldQlfOfcra1i8vr4/OugQwUxC0Y3Mq689lxp5
xc1ckSSsQX6JJgtzAkAPAzNsxdsNaAES3L5yqkbux8W2Y2YdjjxZMl1sdPqn9rXN
A8fe68sT76U9rhuJemue1h9jxgq6fscFqZkbNRll                       
&#45;----END RSA PRIVATE KEY-----                                 
end text
 
%rc = %sl:appendCertificaterequest(%pk, country='USA')
print 'return code is ' %rc           
%sl:print
 
%rc = %sl:CheckCertificateRequest(PrivateKey=%pk)
print 'checkcert return code is ' %rc
 
%ls = %sl:pemtostring('NEW CERTIFICATE REQUEST')
%ls:derToXmlDoc:print                         
end
</p>
The result is something like:
<p class="output">
return code is 0                                               
&#45;----BEGIN NEW CERTIFICATE REQUEST-----                       
MIIBPTCBpwIBADAAMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC1HvRz+5Jc
v+jalOL1hmdm/wFEtk/3kSsdhZHWO5BklzecIQR240wBkUgBusYubiTZBFmfb6Wo
qiagmn8UBiG8fdrQ5+ac1+nhyy4Reuqv3dWLxDVTLGWosw0VEZaO0bZmlTat3bem
p8GZId12WKOwr/jMlIaiGIYE2I/8RR4ILwIBA6AAMA0GCSqGSIb3DQEBBAUAA4GB
ADWssWlvaA55XIg0VezigMSpIumTtRUUGHSA3H3l8f7bo3FLPyWg1dr2MSwJKW09
OmEAPGfQgmxN+LTEkzkjHGkevU0Mlj5MvtnF3ltdVbbJHSY+KW+DrdeRjU/5AiMj
e/43fYThb2ea4JySezVY7AUSls5+4C1yx0V3X1s677lI                   
&#45;----END NEW CERTIFICATE REQUEST-----
checkcert return code is 0
<Sequence>
  <Sequence>
      <Integer>0</Integer>
      <Sequence/>
        <Set>
            <Sequence>
              <ObjectIdentifier>2.5.4.6</ObjectIdentifier>
              <PrintableString>USA</PrintableString>
            </Sequence>
        </Set>                                           
      <Sequence>
        <Sequence>
            <ObjectIdentifier>1.2.840.113549.1.1.1</ObjectIdentifier>  <Null/> 
        </Sequence>
        <BitString bits="1104"> 30818702818100B51EF473 ... 62E6E24D904599F6-
FA5A8AA26A09A7F1 ... A3B0AFF8CC9486A2-
188604D88FFC451E082F020103
        </BitString>
      </Sequence>
      <ContextSpecific tag="0"/>
  </Sequence>
  <Sequence>
      <ObjectIdentifier>1.2.840.113549.1.1.4</ObjectIdentifier>
      <Null/>
  </Sequence> 
  <BitString bits="1024"> 35ACB1696F680E79 ... C4DF8B4C49339231-
C691EBD4D0C963E4 ... 45775F5B3AEFB948
  </BitString>
</Sequence>    </p>
 
==See also==
<p>
<var>Stringlist</var> methods: </p>
{{Template:Stringlist crypto methods}}
<p>
<var>String</var> methods:</p>
<ul>
<ul>
<li>To review the contents of the generated request, you can use <var>[[DerToXmlDoc (String function)|DerToXmlDoc]]</var>.
<li><var>[[CertificateRequest (String function)|CertificateRequest]]</var> </li>
</ul>
 
<li><var>[[SignedCertificate (String function)|SignedCertificate]]</var> </li>
 
<li><var>[[SignedClientCertificate (String function)|SignedClientCertificate]]</var> </li>
 
<li><var>[[DerToXmlDoc (String function)|DerToXmlDoc]]</var> </li>
 
<li><var>[[RSAPrivateKeyToXmlDoc (String function)|RSAPrivateKeyToXmlDoc]]</var></li>
 
<li><var>[[X509CertificateToXmlDoc (String function)|X509CertificateToXmlDoc]]</var> </li>


==Examples==
<li><var>[[X509CrlToXmlDoc (String function)|X509CrlToXmlDoc]]</var> </li>


==See also==
<li>Multiple cryptographic cipher methods </li>
</ul>
<p>
<var>System</var> methods: </p>
<ul>
<li><var>[[ClientCertificate (System function)|ClientCertificate]]</var> </li><li><var>[[GeneratedPrivateKey (System function)|GeneratedPrivateKey]]</var> </li>
</ul>
<p>
<var>Socket</var> methods: </p>
<ul>
<ul>
<li><var>[[AppendCertificateInfo (Stringlist function)|AppendCertificateInfo]]</var>
<li><var>[[Certificate (Socket function)|Certificate]]</var> </li>
<li><var>[[AppendCertificateRequestInfo (Stringlist function)|AppendCertificateRequestInfo]]</var>
<li><var>[[AppendClientCertificateRequest (Stringlist function)|AppendClientCertificateRequest]]</var>
<li><var>[[AppendPrivateKeyInfo (Stringlist function)|AppendPrivateKeyInfo]]</var>
<li><var>[[AppendSignedCertificate (Stringlist function)|AppendSignedCertificate]]</var>
<li><var>[[AppendSignedClientCertificate (Stringlist function)|AppendSignedClientCertificate]]</var>
<li><var>[[CheckCertificate (Stringlist function)|CheckCertificate]]</var>
<li><var>[[CheckCertificateRequest (Stringlist function)|CheckCertificateRequest]]</var>
</ul>
</ul>
{{Template:Stringlist:AppendCertificateRequest footer}}
{{Template:Stringlist:AppendCertificateRequest footer}}

Latest revision as of 15:11, 6 September 2018

Add certificate request to a Stringlist (Stringlist class)

[Requires Janus Network Security]

This callable method generates an SSL certificate request from a given private key, and it adds the certificate request lines to the end of a Stringlist.

Syntax

[%rc =] sl:AppendCertificateRequest( [PrivateKey=] string, - [[Country=] string], [[State=] string], - [[City=] string], - [[Organization=] string], - [[OrganizationalUnit=] string], - [[CommonName=] string], - [SignatureAlgorithm= digestAlgorithm])

Syntax terms

%rc An, optional, numeric variable that is set to zero if the function is a success. The possible return codes are described below in Return codes.
sl A Stringlist object to contain the generated request.
PrivateKey This name allowed parameter is a string or Stringlist that contains an RSA-generated private key. This key must be greater than or equal to 512 and less than or equal to 4096 (as of version 7.7 of Model 204). The pre-7.7 maximum is 2048 bits.
Country This name allowed, optional, string argument inserts a country value into the generated certificate request.
State This name allowed, optional, string argument inserts a state/province value into the generated certificate request.
City This name allowed, optional, string argument inserts a locality value into the generated certificate request.
Organization This name allowed, optional, string argument inserts an organization value into the generated certificate request.
OrganizationalUnit This name allowed, optional, string argument inserts an organization unit (OU) value into the generated certificate request.
CommonName This name allowed, optional, string argument inserts a common-name (CN) value into the generated certificate request.
SignatureAlgorithm This optional, name required, argument is a DigestAlgorithm enumeration value. Valid values are: MD5, SHA1, SHA256, SHA384 (Model 204 7.7 and later), and SHA512 (Model 204 7.7 and later).

Note: Although supported and currently the default, most modern browsers are deprecating SHA1.

Return codes

0 All is well.
7 Insufficient storage.
10 Private key Stringlist identifier missing.
11 Invalid private key Stringlist identifier.
12 Invalid private key.
13 Challenge data mismatch.
14 Bad private key/challenge signature.

Examples

In the following example, the certificate request that is generated from a private key by AppendCertificateRequest is displayed in base64, then checked by CheckCertificateRequest, then converted to string by PemToString and loaded to an XmlDoc by DerToXmlDoc:

b %sl is object stringlist %pk is object stringlist %rc is float %ls is longstring %sl = new text to %pk raw -----BEGIN RSA PRIVATE KEY----- MIICWgIBAAKBgQC1HvRz+5Jcv+jalOL1hmdm/wFEtk/3kSsdhZHWO5BklzecIQR2 40wBkUgBusYubiTZBFmfb6Woqiagmn8UBiG8fdrQ5+ac1+nhyy4Reuqv3dWLxDVT LGWosw0VEZaO0bZmlTat3bemp8GZId12WKOwr/jMlIaiGIYE2I/8RR4ILwIBAwKB gB4v02ip7bof/CRuJdOWZpEqgDYeYqlC3ITrmE5fQrtuiUSwK2kl4gBC4VWfIQe9 BiQrZEU9RkbHBnAZv9irsEnMX1ZgYdntsW5xHe7K1wowBRUrQgAD5SPYRc5b0JEX PTPL+aJzNaSQNQ/KW3O+QZVN5p3Co2TqjwDzcutQsSkfAkEA+pYxMH2wTCcmabe3 p76qjE2SERSf7nk2yTqw29w1hSYqsj7By51vLWFH/35rMBiqAC5yTgmQjlJIIXw6 kz4ASwJBALkImXUd0PmaJLrCwRIhyDFpeq+UsyaNmtgvjg7W8sEhBRseHV7YXBkh 8mQ6VLMBhtxip7aotArZtwJiPc25ES0CQQCnDst1qSAyxMRGenpv1HGy3mFguGqe +3nbfHXn6COuGXHMKdaHvkoeQNqqVEd1ZcaqyaGJW7W0NtrA/XxiKVWHAkB7WxD4 votREW3R1ytha9rLm6cfuHdvCRHldQlfOfcra1i8vr4/OugQwUxC0Y3Mq689lxp5 xc1ckSSsQX6JJgtzAkAPAzNsxdsNaAES3L5yqkbux8W2Y2YdjjxZMl1sdPqn9rXN A8fe68sT76U9rhuJemue1h9jxgq6fscFqZkbNRll -----END RSA PRIVATE KEY----- end text %rc = %sl:appendCertificaterequest(%pk, country='USA') print 'return code is ' %rc %sl:print %rc = %sl:CheckCertificateRequest(PrivateKey=%pk) print 'checkcert return code is ' %rc %ls = %sl:pemtostring('NEW CERTIFICATE REQUEST') %ls:derToXmlDoc:print end

The result is something like:

return code is 0 -----BEGIN NEW CERTIFICATE REQUEST----- MIIBPTCBpwIBADAAMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC1HvRz+5Jc v+jalOL1hmdm/wFEtk/3kSsdhZHWO5BklzecIQR240wBkUgBusYubiTZBFmfb6Wo qiagmn8UBiG8fdrQ5+ac1+nhyy4Reuqv3dWLxDVTLGWosw0VEZaO0bZmlTat3bem p8GZId12WKOwr/jMlIaiGIYE2I/8RR4ILwIBA6AAMA0GCSqGSIb3DQEBBAUAA4GB ADWssWlvaA55XIg0VezigMSpIumTtRUUGHSA3H3l8f7bo3FLPyWg1dr2MSwJKW09 OmEAPGfQgmxN+LTEkzkjHGkevU0Mlj5MvtnF3ltdVbbJHSY+KW+DrdeRjU/5AiMj e/43fYThb2ea4JySezVY7AUSls5+4C1yx0V3X1s677lI -----END NEW CERTIFICATE REQUEST----- checkcert return code is 0 <Sequence> <Sequence> <Integer>0</Integer> <Sequence/> <Set> <Sequence> <ObjectIdentifier>2.5.4.6</ObjectIdentifier> <PrintableString>USA</PrintableString> </Sequence> </Set> <Sequence> <Sequence> <ObjectIdentifier>1.2.840.113549.1.1.1</ObjectIdentifier> <Null/> </Sequence> <BitString bits="1104"> 30818702818100B51EF473 ... 62E6E24D904599F6- FA5A8AA26A09A7F1 ... A3B0AFF8CC9486A2- 188604D88FFC451E082F020103 </BitString> </Sequence> <ContextSpecific tag="0"/> </Sequence> <Sequence> <ObjectIdentifier>1.2.840.113549.1.1.4</ObjectIdentifier> <Null/> </Sequence> <BitString bits="1024"> 35ACB1696F680E79 ... C4DF8B4C49339231- C691EBD4D0C963E4 ... 45775F5B3AEFB948 </BitString> </Sequence>

See also

Stringlist methods:

String methods:

System methods:

Socket methods: