Sample code for 30+ languages & platforms
DataFlex

Generate a CSR containing an Extension Request

See more CSR Examples

Demonstrates how to generate a CSR containing a 1.2.840.113549.1.9.14 extensionRequest.

Chilkat DataFlex Downloads

DataFlex
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Handle hoEcc
    Variant vPrng
    Handle hoPrng
    Variant vPrivKey
    Handle hoPrivKey
    Handle hoCsr
    Variant vXml
    Handle hoXml
    String sCsrPem
    String sTemp1
    Boolean bTemp1

    Move False To iSuccess

    // This requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // This example will generate a secp256r1 ECDSA key for the CSR.
    Get Create (RefClass(cComChilkatEcc)) To hoEcc
    If (Not(IsComObjectCreated(hoEcc))) Begin
        Send CreateComObject of hoEcc
    End
    Get Create (RefClass(cComChilkatPrng)) To hoPrng
    If (Not(IsComObjectCreated(hoPrng))) Begin
        Send CreateComObject of hoPrng
    End
    Get Create (RefClass(cComChilkatPrivateKey)) To hoPrivKey
    If (Not(IsComObjectCreated(hoPrivKey))) Begin
        Send CreateComObject of hoPrivKey
    End

    Get pvComObject of hoPrng to vPrng
    Get pvComObject of hoPrivKey to vPrivKey
    Get ComGenKey Of hoEcc "secp256r1" vPrng vPrivKey To iSuccess
    If (iSuccess = False) Begin
        Showln "Failed to generate a new ECDSA private key."
        Procedure_Return
    End

    Get Create (RefClass(cComChilkatCsr)) To hoCsr
    If (Not(IsComObjectCreated(hoCsr))) Begin
        Send CreateComObject of hoCsr
    End

    // Add common CSR fields:
    Set ComCommonName Of hoCsr To "mysubdomain.mydomain.com"
    Set ComCountry Of hoCsr To "GB"
    Set ComState Of hoCsr To "Yorks"
    Set ComLocality Of hoCsr To "York"
    Set ComCompany Of hoCsr To "Internet Widgits Pty Ltd"
    Set ComEmailAddress Of hoCsr To "support@mydomain.com"

    // Add the following 1.2.840.113549.1.9.14 extensionRequest
    // Note: The easiest way to know the content and format of the XML to be added is to examine
    // a pre-existing CSR with the same desired extensionRequest.  You can use Chilkat to
    // get the extensionRequest from an existing CSR. 

    // 
    // Here is a sample extension request:

    // <?xml version="1.0" encoding="utf-8"?>
    // <set>
    //    <sequence>
    //        <sequence>
    //            <oid>1.3.6.1.4.1.311.20.2</oid>
    //            <asnOctets>
    //                <printable>ZATCA-Code-Signing</printable>
    //            </asnOctets>
    //        </sequence>
    //        <sequence>
    //            <oid>2.5.29.17</oid>
    //            <asnOctets>
    //                <sequence>
    //                    <contextSpecific tag="4" constructed="1">
    //                        <sequence>
    //                            <set>
    //                                <sequence>
    //                                    <oid>2.5.4.4</oid>
    //                                    <utf8>334623324234325</utf8>
    //                                </sequence>
    //                            </set>
    //                            <set>
    //                                <sequence>
    //                                    <oid>0.9.2342.19200300.100.1.1</oid>
    //                                    <utf8>310122393500003</utf8>
    //                                </sequence>
    //                            </set>
    //                            <set>
    //                                <sequence>
    //                                    <oid>2.5.4.12</oid>
    //                                    <utf8>0000</utf8>
    //                                </sequence>
    //                            </set>
    //                            <set>
    //                                <sequence>
    //                                    <oid>2.5.4.26</oid>
    //                                    <utf8>Sample E</utf8>
    //                                </sequence>
    //                            </set>
    //                            <set>
    //                                <sequence>
    //                                    <oid>2.5.4.15</oid>
    //                                    <utf8>Sample Business</utf8>
    //                                </sequence>
    //                            </set>
    //                        </sequence>
    //                    </contextSpecific>
    //                </sequence>
    //            </asnOctets>
    //        </sequence>
    //    </sequence>
    // </set>

    // Use this online tool to generate code from sample XML: 
    // Generate Code to Create XML

    // Here's the code to generate the above extension request.

    Get Create (RefClass(cComChilkatXml)) To hoXml
    If (Not(IsComObjectCreated(hoXml))) Begin
        Send CreateComObject of hoXml
    End
    Set ComTag Of hoXml To "set"
    Send ComUpdateChildContent To hoXml "sequence|sequence|oid" "1.3.6.1.4.1.311.20.2"
    Send ComUpdateChildContent To hoXml "sequence|sequence|asnOctets|printable" "ZATCA-Code-Signing"
    Send ComUpdateChildContent To hoXml "sequence|sequence[1]|oid" "2.5.29.17"
    Get ComUpdateAttrAt Of hoXml "sequence|sequence[1]|asnOctets|sequence|contextSpecific" True "tag" "4" To iSuccess
    Get ComUpdateAttrAt Of hoXml "sequence|sequence[1]|asnOctets|sequence|contextSpecific" True "constructed" "1" To iSuccess
    Send ComUpdateChildContent To hoXml "sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set|sequence|oid" "2.5.4.4"
    Send ComUpdateChildContent To hoXml "sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set|sequence|utf8" "334623324234325"
    Send ComUpdateChildContent To hoXml "sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[1]|sequence|oid" "0.9.2342.19200300.100.1.1"
    Send ComUpdateChildContent To hoXml "sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[1]|sequence|utf8" "310122393500003"
    Send ComUpdateChildContent To hoXml "sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[2]|sequence|oid" "2.5.4.12"
    Send ComUpdateChildContent To hoXml "sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[2]|sequence|utf8" "0000"
    Send ComUpdateChildContent To hoXml "sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[3]|sequence|oid" "2.5.4.26"
    Send ComUpdateChildContent To hoXml "sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[3]|sequence|utf8" "Sample E"
    Send ComUpdateChildContent To hoXml "sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[4]|sequence|oid" "2.5.4.15"
    Send ComUpdateChildContent To hoXml "sequence|sequence[1]|asnOctets|sequence|contextSpecific|sequence|set[4]|sequence|utf8" "Sample Business"

    // Add the extension request to the CSR
    Get pvComObject of hoXml to vXml
    Get ComSetExtensionRequest Of hoCsr vXml To iSuccess

    // Generate the CSR with the extension request
    Get pvComObject of hoPrivKey to vPrivKey
    Get ComGenCsrPem Of hoCsr vPrivKey To sCsrPem
    Get ComLastMethodSuccess Of hoCsr To bTemp1
    If (bTemp1 = False) Begin
        Get ComLastErrorText Of hoCsr To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Showln sCsrPem

    // Sample PEM output:

    // -----BEGIN CERTIFICATE REQUEST-----
    // MIICEjCCAbkCAQAwgZcxITAfBgNVBAMMGG15c3ViZG9tYWluLm15ZG9tYWluLmNv
    // bTELMAkGA1UEBhMCR0IxDjAMBgNVBAgMBVlvcmtzMQ0wCwYDVQQHDARZb3JrMSEw
    // HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxIzAhBgkqhkiG9w0BCQEW
    // FHN1cHBvcnRAbXlkb21haW4uY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
    // g8EVNSV0ttlM9kG2E+J3ZB9WEDYVf2QA/8idrPRUafia1CHjd1kslwZA8eP2bAcf
    // 2O493QAENqtW6DTHJbRz8KCBvjCBuwYJKoZIhvcNAQkOMYGtMIGqMCEGCSsGAQQB
    // gjcUAgQUExJaQVRDQS1Db2RlLVNpZ25pbmcwgYQGA1UdEQR9MHukeTB3MRgwFgYD
    // VQQEDA8zMzQ2MjMzMjQyMzQzMjUxHzAdBgoJkiaJk/IsZAEBDA8zMTAxMjIzOTM1
    // MDAwMDMxDTALBgNVBAwMBDAwMDAxETAPBgNVBBoMCFNhbXBsZSBFMRgwFgYDVQQP
    // DA9TYW1wbGUgQnVzaW5lc3MwCgYIKoZIzj0EAwIDRwAwRAIgF7D30eSBklfo+oel
    // 1B0z64eJDB9MB3rCoiFZlj+mz0YCIHYI87eyqdtw2LOcAoBRhyxlBT6i28+Z/8t9
    // bYsMIYvp
    // -----END CERTIFICATE REQUEST-----


End_Procedure