Tcl
Tcl
Generate a CSR with SAN (Subject Alternative Name) Extension
See more CSR Examples
Demonstrates how to generate a private key and a Certificate Signing Request (CSR) that includes the SAN extension.Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# First generate an RSA private key.
# (It is also possible to create CSRs based on ECDSA private keys..)
set rsa [new_CkRsa]
# Generate a random 2048-bit RSA key.
set privKey [new_CkPrivateKey]
set success [CkRsa_GenKey $rsa 2048 $privKey]
if {$success == 0} then {
puts [CkRsa_lastErrorText $rsa]
delete_CkRsa $rsa
delete_CkPrivateKey $privKey
exit
}
# Create the CSR object and set properties.
set csr [new_CkCsr]
# Specify the Common Name.
CkCsr_put_CommonName $csr "mysubdomain.mydomain.com"
# Country Name (2 letter code)
CkCsr_put_Country $csr "GB"
# State or Province Name (full name)
CkCsr_put_State $csr "Yorks"
# Locality Name (eg, city)
CkCsr_put_Locality $csr "York"
# Organization Name (eg, company)
CkCsr_put_Company $csr "Internet Widgits Pty Ltd"
# Organizational Unit Name (eg, secion/division)
CkCsr_put_CompanyDivision $csr "IT"
# Email address
CkCsr_put_EmailAddress $csr "support@mydomain.com"
# Add Subject Alternative Names
# (The AddSan method is added in Chilkat v9.5.0.84)
# Call AddSan for each alternative name.
set success [CkCsr_AddSan $csr "dnsName" "mydomain.com"]
set success [CkCsr_AddSan $csr "dnsName" "mysubdomain.mydomain.com"]
set success [CkCsr_AddSan $csr "ipAddress" "192.168.0.123"]
# Create the CSR using the private key.
set pemStr [CkCsr_genCsrPem $csr $privKey]
if {[CkCsr_get_LastMethodSuccess $csr] != 1} then {
puts [CkCsr_lastErrorText $csr]
delete_CkRsa $rsa
delete_CkPrivateKey $privKey
delete_CkCsr $csr
exit
}
# Save the private key and CSR to a files.
CkPrivateKey_SavePkcs8EncryptedPemFile $privKey "password" "qa_output/privKey1.pem"
set fac [new_CkFileAccess]
CkFileAccess_WriteEntireTextFile $fac "qa_output/csr1.pem" $pemStr "utf-8" 0
# Show the CSR.
puts "$pemStr"
# Sample output:
# -----BEGIN CERTIFICATE REQUEST-----
# MIIC6jCCAdICAQAwgaQxITAfBgNVBAMMGG15c3ViZG9tYWluLm15ZG9tYWluLmNv
# bTELMAkGA1UEBhMCR0IxDjAMBgNVBAgMBVlvcmtzMQ0wCwYDVQQHDARZb3JrMSEw
# HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxCzAJBgNVBAsMAklUMSMw
# IQYJKoZIhvcNAQkBFhRzdXBwb3J0QG15ZG9tYWluLmNvbTCCASIwDQYJKoZIhvcN
# AQEBBQADggEPADCCAQoCggEBALnQ0un/wF8whk+gPuiAlf3qvx14jgAOV6Erm6EB
# H7WACPCpnKcm/8KP+7uoPiwRQaENhMeCgf45vcivl2p6aAn/spLXyEkXyw2d8wFb
# YYAGRkiz4Xf7ASJiKuwcOtORz+sSDzgtdfokHfXU1cYeFE2yQhSdLUY5fMn425+g
# KoEEsRSjSDe6AKru4+4iGNrLKd8pB9IA5/jOE139IkWlB9r5fEPD5bUTsgqXk9eb
# 68O0gc712V2eZK07N24lDmFC4bIMTD4csDWocR5hFHXj7NX7c8sOBDcpEb9mPIk4
# elxubnhkfnjhOi4J3lDHcT/0ALnbLhf9LnaiKqs+5VcVZvECAwEAAaAAMA0GCSqG
# SIb3DQEBBQUAA4IBAQC0AETLIcP3foh5nbu2hVFS8uCUNZ5hEIR1eXmYZmZoBQq2
# 26ZAoT4CZwixlggC+n7WvAXJ5Pzxpl4wLV4loTiQzaKPX1w0ERo5ZRwLy0n56oG2
# 6QG+WTViT1C8rlgtVwkCFNOXr0kSSRs8FdaPllqKxK1hxYSL7zwNpumsk39F2cDt
# vhcekvH0V3BuGrQFm3dKN/0azW6GOod9+Vq4VzSyOe3kp15oxLBsZOFOu/REujcw
# Tzu2jt1asQKUm60CZ9wNHpYepR0Ww40uP1slbehEaFDa6V8b60/tlHHmBbJ4/fy5
# hJnYCvjzFz4O9VtT+JtP9ldRHWV3KpZ8ne3AjD+F
# -----END CERTIFICATE REQUEST-----
delete_CkRsa $rsa
delete_CkPrivateKey $privKey
delete_CkCsr $csr
delete_CkFileAccess $fac