AppendCertificateRequest (Stringlist function)

From m204wiki
Revision as of 20:39, 29 August 2016 by JAL (talk | contribs) (add 7.7 maximum length)
Jump to navigation Jump to search

Add certificate request to a Stringlist (Stringlist class)

[Requires Janus Network Security]

This callable method generates an SSL client certificate request from a given private key, and it adds the certificate request lines to the end of a Stringlist.

Syntax

[%rc =] sl:AppendCertificateRequest( [PrivateKey=] string, - [[Country=] string], [[State=] string], - [[City=] string], - [[Organization=] string], - [[OrganizationalUnit=] string], - [[CommonName=] string], - [SignatureAlgorithm= digestAlgorithm])

Syntax terms

%rc An, optional, numeric variable that is set to zero if the function is a success. The possible return codes are described below in Return codes.
sl A Stringlist object to contain the generated request.
PrivateKey This name allowed parameter is a string or Stringlist that contains an RSA-generated private key. This key must be greater than or equal to 512 and less than or equal to 4096 (as of version 7.7 of Model 204). The pre-7.7 maximum is 2048 bits.
Country This name allowed, optional, string argument inserts a country value into the generated certificate request.
State This name allowed, optional, string argument inserts a state/province value into the generated certificate request.
City This name allowed, optional, string argument inserts a locality value into the generated certificate request.
Organization This name allowed, optional, string argument inserts an organization value into the generated certificate request.
OrganizationalUnit This name allowed, optional, string argument inserts an organization unit (OU) value into the generated certificate request.
CommonName This name allowed, optional, string argument inserts a common-name (CN) value into the generated certificate request.
SignatureAlgorithm This optional, name required, argument is a DigestAlgorithm enumeration value. Valid values are: MD5, SHA1, SHA256, SHA384 (Model 204 7.7 and later), and SHA512 (Model 204 7.7 and later).

Note: Although supported and currently the default, most modern browsers are deprecating SHA1.

Return codes

0 All is well.
7 Insufficient storage.
10 Private key Stringlist identifier missing.
11 Invalid private key Stringlist identifier.
12 Invalid private key.
13 Challenge data mismatch.
14 Bad private key/challenge signature.

Examples

In the following example, the certificate request that is generated from a private key by AppendCertificateRequest is displayed in base64, then checked by CheckCertificateRequest, then converted to string by PemToString and loaded to an XmlDoc by DerToXmlDoc:

b %sl is object stringlist %pk is object stringlist %rc is float %ls is longstring %sl = new text to %pk raw -----BEGIN RSA PRIVATE KEY----- MIICWgIBAAKBgQC1HvRz+5Jcv+jalOL1hmdm/wFEtk/3kSsdhZHWO5BklzecIQR2 40wBkUgBusYubiTZBFmfb6Woqiagmn8UBiG8fdrQ5+ac1+nhyy4Reuqv3dWLxDVT LGWosw0VEZaO0bZmlTat3bemp8GZId12WKOwr/jMlIaiGIYE2I/8RR4ILwIBAwKB gB4v02ip7bof/CRuJdOWZpEqgDYeYqlC3ITrmE5fQrtuiUSwK2kl4gBC4VWfIQe9 BiQrZEU9RkbHBnAZv9irsEnMX1ZgYdntsW5xHe7K1wowBRUrQgAD5SPYRc5b0JEX PTPL+aJzNaSQNQ/KW3O+QZVN5p3Co2TqjwDzcutQsSkfAkEA+pYxMH2wTCcmabe3 p76qjE2SERSf7nk2yTqw29w1hSYqsj7By51vLWFH/35rMBiqAC5yTgmQjlJIIXw6 kz4ASwJBALkImXUd0PmaJLrCwRIhyDFpeq+UsyaNmtgvjg7W8sEhBRseHV7YXBkh 8mQ6VLMBhtxip7aotArZtwJiPc25ES0CQQCnDst1qSAyxMRGenpv1HGy3mFguGqe +3nbfHXn6COuGXHMKdaHvkoeQNqqVEd1ZcaqyaGJW7W0NtrA/XxiKVWHAkB7WxD4 votREW3R1ytha9rLm6cfuHdvCRHldQlfOfcra1i8vr4/OugQwUxC0Y3Mq689lxp5 xc1ckSSsQX6JJgtzAkAPAzNsxdsNaAES3L5yqkbux8W2Y2YdjjxZMl1sdPqn9rXN A8fe68sT76U9rhuJemue1h9jxgq6fscFqZkbNRll -----END RSA PRIVATE KEY----- end text %rc = %sl:appendCertificaterequest(%pk, country='USA') print 'return code is ' %rc %sl:print %rc = %sl:CheckCertificateRequest(PrivateKey=%pk) print 'checkcert return code is ' %rc %ls = %sl:pemtostring('NEW CERTIFICATE REQUEST') %ls:derToXmlDoc:print end

The result is something like:

return code is 0 -----BEGIN NEW CERTIFICATE REQUEST----- MIIBPTCBpwIBADAAMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC1HvRz+5Jc v+jalOL1hmdm/wFEtk/3kSsdhZHWO5BklzecIQR240wBkUgBusYubiTZBFmfb6Wo qiagmn8UBiG8fdrQ5+ac1+nhyy4Reuqv3dWLxDVTLGWosw0VEZaO0bZmlTat3bem p8GZId12WKOwr/jMlIaiGIYE2I/8RR4ILwIBA6AAMA0GCSqGSIb3DQEBBAUAA4GB ADWssWlvaA55XIg0VezigMSpIumTtRUUGHSA3H3l8f7bo3FLPyWg1dr2MSwJKW09 OmEAPGfQgmxN+LTEkzkjHGkevU0Mlj5MvtnF3ltdVbbJHSY+KW+DrdeRjU/5AiMj e/43fYThb2ea4JySezVY7AUSls5+4C1yx0V3X1s677lI -----END NEW CERTIFICATE REQUEST----- checkcert return code is 0 <Sequence> <Sequence> <Integer>0</Integer> <Sequence/> <Set> <Sequence> <ObjectIdentifier>2.5.4.6</ObjectIdentifier> <PrintableString>USA</PrintableString> </Sequence> </Set> <Sequence> <Sequence> <ObjectIdentifier>1.2.840.113549.1.1.1</ObjectIdentifier> <Null/> </Sequence> <BitString bits="1104"> 30818702818100B51EF473 ... 62E6E24D904599F6- FA5A8AA26A09A7F1 ... A3B0AFF8CC9486A2- 188604D88FFC451E082F020103 </BitString> </Sequence> <ContextSpecific tag="0"/> </Sequence> <Sequence> <ObjectIdentifier>1.2.840.113549.1.1.4</ObjectIdentifier> <Null/> </Sequence> <BitString bits="1024"> 35ACB1696F680E79 ... C4DF8B4C49339231- C691EBD4D0C963E4 ... 45775F5B3AEFB948 </BitString> </Sequence>

See also

Stringlist methods:

String methods:

System methods:

Socket methods: