|
Chilkat • HOME • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi DLL • Go • Java • Node.js • Objective-C • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Swift) Renew a DigiCert Certificate from an EST-enabled profileDemonstrates how to renew a certificate from an EST-enabled profile in DigiCert® Trust Lifecycle Manager. (The certificate must be within the renewal window configured in the certificate profile. The CSR must have same Subject DN values as the original certificate.) Note: This example requires Chilkat v11.0.0 or greater.
func chilkatTest() { // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // The example below duplicates the following OpenSSL commands: // // # Name of certificate as argument 1 // // # Make new key // openssl ecparam -name prime256v1 -genkey -noout -out ${1}.key.pem // // # Make csr // openssl req -new -sha256 -key ${1}.key.pem -out ${1}.p10.csr -subj "/CN=${1}" // // # Request new cert // curl -v --cacert data/ca.pem --cert data/${1}.pem --key data/${1}.key.pem // --data-binary @${1}.p10.csr -o ${1}.p7.b64 -H "Content-Type: application/pkcs10" https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll // // # Convert to PEM // openssl base64 -d -in ${1}.p7.b64 | openssl pkcs7 -inform DER -outform PEM -print_certs -out ${1}.pem // ------------------------------------------------------------------------------------------------------------------ // Create a Fortuna PRNG and seed it with system entropy. // This will be our source of random data for generating the ECC private key. let fortuna = CkoPrng()! var entropy: String? = fortuna.getEntropy(32, encoding: "base64") var success: Bool = fortuna.addEntropy(entropy, encoding: "base64") let ec = CkoEcc()! // Generate a random EC private key on the prime256v1 curve. let privKey = CkoPrivateKey()! success = ec.genKey("prime256v1", prng: fortuna, privKey: privKey) if success != true { print("\(ec.lastErrorText!)") return } // Create the CSR object and set properties. let csr = CkoCsr()! // Specify your CN csr.commonName = "mysubdomain.mydomain.com" // Create the CSR using the private key. let bdCsr = CkoBinData()! success = csr.genCsrBd(privKey, csrData: bdCsr) if success == false { print("\(csr.lastErrorText!)") return } // Save the private key and CSR to files. privKey.savePkcs8EncryptedPemFile("password", path: "c:/temp/qa_output/ec_privkey.pem") bdCsr.writeFile("c:/temp/qa_output/csr.pem") // ---------------------------------------------------------------------- // Now do the CURL request to POST the CSR and get the new certificate. let http = CkoHttp()! let tlsClientCert = CkoCert()! success = tlsClientCert.load(fromFile: "data/myTlsClientCert.pem") if success == false { print("\(tlsClientCert.lastErrorText!)") return } let bdTlsClientCertPrivKey = CkoBinData()! success = bdTlsClientCertPrivKey.loadFile("data/myTlsClientCert.key.pem") if success == false { print("Failed to load data/myTlsClientCert.key.pem") return } let tlsClientCertPrivKey = CkoPrivateKey()! success = tlsClientCertPrivKey.loadAnyFormat(bdTlsClientCertPrivKey, password: "") if success == false { print("\(tlsClientCertPrivKey.lastErrorText!)") return } success = tlsClientCert.setPrivateKey(tlsClientCertPrivKey) if success == false { print("\(tlsClientCert.lastErrorText!)") return } http.setSslClientCert(tlsClientCert) http.requireSslCertVerify = true // The body of the HTTP request contains the binary CSR. let resp = CkoHttpResponse()! var url: String? = "https://clientauth.demo.one.digicert.com/.well-known/est/IOT/simplereenroll" success = http.httpBd("POST", url: url, bd: bdCsr, contentType: "application/pkcs10", response: resp) if success == false { print("\(http.lastErrorText!)") return } if resp.statusCode.intValue != 200 { print("response status code = \(resp.statusCode.intValue)") print("\(resp.bodyStr!)") print("Failed") return } // The response is the Base64 DER of the new certificate. let myNewCert = CkoCert()! success = myNewCert.load(fromBase64: resp.bodyStr) if success == false { print("\(myNewCert.lastErrorText!)") print("Cert data = \(resp.bodyStr!)") print("Failed.") return } success = myNewCert.save(toFile: "c:/temp/qa_output/myNewCert.cer") if success == false { print("\(myNewCert.lastErrorText!)") print("Failed.") return } print("Success.") } |
||||
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.