AppendCertificateRequest (Stringlist function): Difference between revisions

From m204wiki
mNo edit summary
Line 12: Line 12:


<tr><th>sl</th>
<tr><th>sl</th>
<td>A Stringlist object to contain the generated request.</td></tr>
<td>A <var>Stringlist</var> object to contain the generated request.</td></tr>


<tr><th><var>PrivateKey</var></th>
<tr><th><var>PrivateKey</var></th>
Line 18: Line 18:


<tr><th><var>Country</var></th>
<tr><th><var>Country</var></th>
<td>string</td></tr>
<td>This name allowed, optional, string argument inserts a country value into the generated certificate request. </td></tr>


<tr><th><var>State</var></th>
<tr><th><var>State</var></th>
<td>string</td></tr>
<td>This name allowed, optional, string argument inserts a state/province value into the generated certificate request. </td></tr>


<tr><th><var>City</var></th>
<tr><th><var>City</var></th>
<td>string</td></tr>
<td>This name allowed, optional, string argument inserts a city value into the generated certificate request. </td></tr>


<tr><th><var>Organization</var></th>
<tr><th><var>Organization</var></th>
<td>string</td></tr>
<td>This name allowed, optional, string argument inserts an organization value into the generated certificate request. </td></tr>


<tr><th><var>OrganizationalUnit</var></th>
<tr><th><var>OrganizationalUnit</var></th>
<td>string</td></tr>
<td>This name allowed, optional, string argument inserts an organization unit value into the generated certificate request. </td></tr>


<tr><th><var>CommonName</var></th>
<tr><th><var>CommonName</var></th>
<td>string</td></tr>
<td>This name allowed, optional, string argument inserts a common-name value into the generated certificate request.</td></tr>
</table>
</table>
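Review bot: the new OrganizationalUnit description reads "organization unit value", which does not match the parameter name; "organizational unit" would be consistent with the header cell. The table still closes right after the CommonName row, so the SignatureAlgorithm= digestAlgorithm argument that the syntax lists has no entry; since it governs how the request is signed, a row naming the accepted digest values and the default belongs here.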


Line 56: Line 56:


==Examples==
==Examples==
In the following example, the certificate request that is generated from a private key by <var>AppendCertificateRequest</var> is displayed in base64, then checked by <var>[[CheckCertificateRequest (Stringlist function)|CheckCertificateRequest]]</var>, then converted to string by <var>[[PemToString (Stringlist function)|PemToString]]</var>:
In the following example, the certificate request that is generated from a private key by <var>AppendCertificateRequest</var> is displayed in base64, then checked by <var>[[CheckCertificateRequest (Stringlist function)|CheckCertificateRequest]]</var>, then converted to string by <var>[[PemToString (Stringlist function)|PemToString]]</var> and loaded to an <var>XmlDoc</var> by <var>[[DerToXmlDoc (String function)|DerToXmlDoc]]</var>:
<p class="code">b
<p class="code">b


Line 83: Line 83:
end text
end text


%rc = %sl:appendCertificaterequest(%pk)
%rc = %sl:appendCertificaterequest(%pk, country='USA')
print 'return code is ' %rc             
print 'return code is ' %rc             
%sl:print
%sl:print


%rc = %sl:CheckCertificateRequest(PrivateKey=%pk)
%rc = %sl:CheckCertificateRequest(PrivateKey=%pk)
print 'round trip return code is ' %rc  
print 'checkcert return code is ' %rc  


%ls = %sl:pemtostring('NEW CERTIFICATE REQUEST')
%ls = %sl:pemtostring('NEW CERTIFICATE REQUEST')
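Review bot: country='USA' in the changed appendCertificaterequest call is a three-letter value, but the X.520 countryName attribute (OID 2.5.4.6) is defined as a two-letter ISO 3166 code, so a request built by copying this example may be rejected by a CA. Suggest country='US' as the sample value, and a sentence in the Country description stating the expected form.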
Line 105: Line 105:
OmEAPGfQgmxN+LTEkzkjHGkevU0Mlj5MvtnF3ltdVbbJHSY+KW+DrdeRjU/5AiMj
OmEAPGfQgmxN+LTEkzkjHGkevU0Mlj5MvtnF3ltdVbbJHSY+KW+DrdeRjU/5AiMj
e/43fYThb2ea4JySezVY7AUSls5+4C1yx0V3X1s677lI                     
e/43fYThb2ea4JySezVY7AUSls5+4C1yx0V3X1s677lI                     
&#45;----END NEW CERTIFICATE REQUEST-----                          
&#45;----END NEW CERTIFICATE REQUEST-----  
round trip return code is 0  
checkcert return code is 0  
<Sequence>  
<Sequence>  
   <Sequence>  
   <Sequence>  
       <Integer>0</Integer>
       <Integer>0</Integer>
       <Sequence/>  
       <Sequence/>  
        <Set>
            <Sequence>
              <ObjectIdentifier>2.5.4.6</ObjectIdentifier>
              <PrintableString>USA</PrintableString>
            </Sequence>
        </Set>                                           
       <Sequence>  
       <Sequence>  
         <Sequence>  
         <Sequence>  
             <ObjectIdentifier>1.2.840.113549.1.1.1</ObjectIdentifier>  <Null/>   
             <ObjectIdentifier>1.2.840.113549.1.1.1</ObjectIdentifier>  <Null/>   
         </Sequence>  
         </Sequence>  
         <BitString bits="1104"> 30818702818100B51EF473FB925CBFE8DA94E2F5866766FF0144B64FF7912B1D8591D63B906497379C210476E34C01914801BAC62E6E24D904599F6-
         <BitString bits="1104"> 30818702818100B51EF473 ... 62E6E24D904599F6-
FA5A8AA26A09A7F140621BC7DDAD0E7E69CD7E9E1CB2E117AEAAFDDD58BC435532C65A8B30D1511968ED1B6669536ADDDB7A6A7C19921DD7658A3B0AFF8CC9486A2-
FA5A8AA26A09A7F1 ... A3B0AFF8CC9486A2-
188604D88FFC451E082F020103</BitString>                                                                                                              
188604D88FFC451E082F020103
        </BitString>
       </Sequence>
       </Sequence>
       <ContextSpecific tag="0"/> </Sequence>                                                                                                                    
       <ContextSpecific tag="0"/>  
  </Sequence>  
   <Sequence>
   <Sequence>
       <ObjectIdentifier>1.2.840.113549.1.1.4</ObjectIdentifier>  
       <ObjectIdentifier>1.2.840.113549.1.1.4</ObjectIdentifier>  
       <Null/>  
       <Null/>  
   </Sequence>   
   </Sequence>   
   <BitString bits="1024"> 35ACB1696F680E795C883455ECE280C4A922E993B51514187480DC7DE5F1FEDBA3714B3F25A0D5DAF6312C09296D3D3A61003C67D0826C4DF8B4C49339231-
   <BitString bits="1024"> 35ACB1696F680E79 ... C4DF8B4C49339231-
C691EBD4D0C963E4CBED9C5DE5B5D55B6C91D263E296F83ADD7918D4FF90223237BFE377D84E16F679AE09C927B3558EC051296CE7EE02D72C745775F5B3AEFB948
C691EBD4D0C963E4 ... 45775F5B3AEFB948
   </BitString>
   </BitString>
</Sequence>    </p>
</Sequence>    </p>
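Review bot: in the new sample output the added <Set> for 2.5.4.6 sits after the empty <Sequence/> instead of inside it; a PKCS#10 subject is a Sequence of such Sets, so with Country supplied the subject should read as a Sequence containing the Set. The PEM lines kept as context and the bits="1024" signature value are also the same as in the request without a country, although a different subject changes the signed data, so the whole output is worth regenerating from an actual run.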
Line 134: Line 142:
<li><var>[[AppendCertificateRequestInfo (Stringlist function)|AppendCertificateRequestInfo]]</var>
<li><var>[[AppendCertificateRequestInfo (Stringlist function)|AppendCertificateRequestInfo]]</var>
<li><var>[[AppendClientCertificateRequest (Stringlist function)|AppendClientCertificateRequest]]</var>
<li><var>[[AppendClientCertificateRequest (Stringlist function)|AppendClientCertificateRequest]]</var>
<li><var>[[AppendGeneratedPrivateKey (Stringlist function)|AppendGeneratedPrivateKey]]</var>
<li><var>[[AppendPrivateKeyInfo (Stringlist function)|AppendPrivateKeyInfo]]</var>
<li><var>[[AppendPrivateKeyInfo (Stringlist function)|AppendPrivateKeyInfo]]</var>
<li><var>[[AppendSignedCertificate (Stringlist function)|AppendSignedCertificate]]</var>
<li><var>[[AppendSignedCertificate (Stringlist function)|AppendSignedCertificate]]</var>

Revision as of 19:47, 25 May 2012

Add certificate request to a Stringlist (Stringlist class)

[Requires Janus Network Security]


This callable method generates an SSL client certificate request from a given private key, and it adds the certificate request lines to the end of a Stringlist.

Syntax

[%rc =] sl:AppendCertificateRequest( [PrivateKey=] string, -
                                     [[Country=] string], [[State=] string], -
                                     [[City=] string], -
                                     [[Organization=] string], -
                                     [[OrganizationalUnit=] string], -
                                     [[CommonName=] string], -
                                     [SignatureAlgorithm= digestAlgorithm])

Syntax terms

%rc                 An optional numeric variable that is set to zero if the function succeeds. The possible return codes are described below in "Return codes".
sl                  A Stringlist object to contain the generated request.
PrivateKey          This name-allowed parameter is a Stringlist object that contains an RSA-generated private key. This value must be less than or equal to 2048 bits.
Country             This optional, name-allowed string argument inserts a country value into the generated certificate request.
State               This optional, name-allowed string argument inserts a state/province value into the generated certificate request.
City                This optional, name-allowed string argument inserts a city value into the generated certificate request.
Organization        This optional, name-allowed string argument inserts an organization value into the generated certificate request.
OrganizationalUnit  This optional, name-allowed string argument inserts an organizational unit value into the generated certificate request.
CommonName          This optional, name-allowed string argument inserts a common-name value into the generated certificate request.

Return codes

0   All is well.
3   Out of CCATEMP.
5   Stringlist identifier missing.
6   Invalid Stringlist identifier.
7   Insufficient storage.
10  Private key Stringlist identifier missing.
11  Invalid private key Stringlist identifier.
12  Invalid private key.
13  Challenge data mismatch.
14  Bad private key/challenge signature.

Usage notes

  • To review the contents of the generated request, you can use DerToXmlDoc.

Examples

In the following example, the certificate request that is generated from a private key by AppendCertificateRequest is displayed in base64, then checked by CheckCertificateRequest, then converted to string by PemToString and loaded to an XmlDoc by DerToXmlDoc:

    b
    %sl is object stringlist
    %pk is object stringlist
    %rc is float
    %ls is longstring
    %sl = new
    text to %pk raw
    -----BEGIN RSA PRIVATE KEY-----
    MIICWgIBAAKBgQC1HvRz+5Jcv+jalOL1hmdm/wFEtk/3kSsdhZHWO5BklzecIQR2
    40wBkUgBusYubiTZBFmfb6Woqiagmn8UBiG8fdrQ5+ac1+nhyy4Reuqv3dWLxDVT
    LGWosw0VEZaO0bZmlTat3bemp8GZId12WKOwr/jMlIaiGIYE2I/8RR4ILwIBAwKB
    gB4v02ip7bof/CRuJdOWZpEqgDYeYqlC3ITrmE5fQrtuiUSwK2kl4gBC4VWfIQe9
    BiQrZEU9RkbHBnAZv9irsEnMX1ZgYdntsW5xHe7K1wowBRUrQgAD5SPYRc5b0JEX
    PTPL+aJzNaSQNQ/KW3O+QZVN5p3Co2TqjwDzcutQsSkfAkEA+pYxMH2wTCcmabe3
    p76qjE2SERSf7nk2yTqw29w1hSYqsj7By51vLWFH/35rMBiqAC5yTgmQjlJIIXw6
    kz4ASwJBALkImXUd0PmaJLrCwRIhyDFpeq+UsyaNmtgvjg7W8sEhBRseHV7YXBkh
    8mQ6VLMBhtxip7aotArZtwJiPc25ES0CQQCnDst1qSAyxMRGenpv1HGy3mFguGqe
    +3nbfHXn6COuGXHMKdaHvkoeQNqqVEd1ZcaqyaGJW7W0NtrA/XxiKVWHAkB7WxD4
    votREW3R1ytha9rLm6cfuHdvCRHldQlfOfcra1i8vr4/OugQwUxC0Y3Mq689lxp5
    xc1ckSSsQX6JJgtzAkAPAzNsxdsNaAES3L5yqkbux8W2Y2YdjjxZMl1sdPqn9rXN
    A8fe68sT76U9rhuJemue1h9jxgq6fscFqZkbNRll
    -----END RSA PRIVATE KEY-----
    end text

    %rc = %sl:appendCertificaterequest(%pk, country='USA')
    print 'return code is ' %rc
    %sl:print

    %rc = %sl:CheckCertificateRequest(PrivateKey=%pk)
    print 'checkcert return code is ' %rc

    %ls = %sl:pemtostring('NEW CERTIFICATE REQUEST')
    %ls:derToXmlDoc:print
    end

The result is something like:

    return code is 0
    -----BEGIN NEW CERTIFICATE REQUEST-----
    MIIBPTCBpwIBADAAMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC1HvRz+5Jc
    v+jalOL1hmdm/wFEtk/3kSsdhZHWO5BklzecIQR240wBkUgBusYubiTZBFmfb6Wo
    qiagmn8UBiG8fdrQ5+ac1+nhyy4Reuqv3dWLxDVTLGWosw0VEZaO0bZmlTat3bem
    p8GZId12WKOwr/jMlIaiGIYE2I/8RR4ILwIBA6AAMA0GCSqGSIb3DQEBBAUAA4GB
    ADWssWlvaA55XIg0VezigMSpIumTtRUUGHSA3H3l8f7bo3FLPyWg1dr2MSwJKW09
    OmEAPGfQgmxN+LTEkzkjHGkevU0Mlj5MvtnF3ltdVbbJHSY+KW+DrdeRjU/5AiMj
    e/43fYThb2ea4JySezVY7AUSls5+4C1yx0V3X1s677lI
    -----END NEW CERTIFICATE REQUEST-----
    checkcert return code is 0
    <Sequence>
       <Sequence>
          <Integer>0</Integer>
          <Sequence/>
          <Set>
             <Sequence>
                <ObjectIdentifier>2.5.4.6</ObjectIdentifier>
                <PrintableString>USA</PrintableString>
             </Sequence>
          </Set>
          <Sequence>
             <Sequence>
                <ObjectIdentifier>1.2.840.113549.1.1.1</ObjectIdentifier>
                <Null/>
             </Sequence>
             <BitString bits="1104"> 30818702818100B51EF473 ... 62E6E24D904599F6-
    FA5A8AA26A09A7F1 ... A3B0AFF8CC9486A2-
    188604D88FFC451E082F020103
             </BitString>
          </Sequence>
          <ContextSpecific tag="0"/>
       </Sequence>
       <Sequence>
          <ObjectIdentifier>1.2.840.113549.1.1.4</ObjectIdentifier>
          <Null/>
       </Sequence>
       <BitString bits="1024"> 35ACB1696F680E79 ... C4DF8B4C49339231-
    C691EBD4D0C963E4 ... 45775F5B3AEFB948
       </BitString>
    </Sequence>
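An independent review of the request printed above, as an added example that is not part of the m204wiki page or of Janus Network Security: a standard-library Python DER walk over the page's PEM output that reports the subject size, RSA key parameters and signature algorithm. The function names, the 2048-bit minimum and the list of weak signature OIDs are assumptions of this example.

```python
import base64
# CSR copied verbatim from this page's example output.
PAGE_CSR = """-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBPTCBpwIBADAAMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC1HvRz+5Jc
v+jalOL1hmdm/wFEtk/3kSsdhZHWO5BklzecIQR240wBkUgBusYubiTZBFmfb6Wo
qiagmn8UBiG8fdrQ5+ac1+nhyy4Reuqv3dWLxDVTLGWosw0VEZaO0bZmlTat3bem
p8GZId12WKOwr/jMlIaiGIYE2I/8RR4ILwIBA6AAMA0GCSqGSIb3DQEBBAUAA4GB
ADWssWlvaA55XIg0VezigMSpIumTtRUUGHSA3H3l8f7bo3FLPyWg1dr2MSwJKW09
OmEAPGfQgmxN+LTEkzkjHGkevU0Mlj5MvtnF3ltdVbbJHSY+KW+DrdeRjU/5AiMj
e/43fYThb2ea4JySezVY7AUSls5+4C1yx0V3X1s677lI
-----END NEW CERTIFICATE REQUEST-----"""
WEAK_SIG_OIDS = {"1.2.840.113549.1.1.4", "1.2.840.113549.1.1.5"}  # assumed policy: MD5/SHA-1 with RSA

def tlv(buf, pos=0):  # read one DER element -> (tag, value, next position)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # contents of a constructed element -> list of child values
    out, pos = [], 0
    while pos < len(value):
        _tag, val, pos = tlv(value, pos)
        out.append(val)
    return out

def oid(value):  # OID content octets -> dotted-decimal string
    arcs, n = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, n = arcs + [n], 0
    return ".".join(map(str, arcs))

def audit_csr(pem):  # PKCS#10 layout: SEQ { info, sigAlg, signature }
    b64 = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    info, sig_alg, _sig = children(tlv(base64.b64decode(b64))[1])
    _ver, subject, spki = children(info)[:3]
    modulus, exponent = children(tlv(children(spki)[1][1:])[1])  # [1:] drops unused-bits octet
    r = {"subject_rdns": len(children(subject)),
         "modulus_bits": int.from_bytes(modulus, "big").bit_length(),
         "exponent": int.from_bytes(exponent, "big"), "sig_oid": oid(children(sig_alg)[0])}
    checks = [(r["subject_rdns"] == 0, "empty subject"),
              (r["modulus_bits"] < 2048, "RSA modulus under 2048 bits"),  # assumed minimum
              (r["sig_oid"] in WEAK_SIG_OIDS, "MD5 or SHA-1 signature digest")]
    return {**r, "findings": [msg for bad, msg in checks if bad]}
```

For the CSR on this page, `audit_csr(PAGE_CSR)` reports an empty subject, a 1024-bit modulus with public exponent 3, and signature OID 1.2.840.113549.1.1.4 (md5WithRSAEncryption), which matches the `<Sequence/>` subject and the OIDs in the XML output.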

See also