EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Certificate request

#10569
Posted: 07/12/2009 16:07:12
by Paweł Sałek (Basic support level)
Joined: 07/12/2009
Posts: 6

Hi,
I'd like to issue a certificate that is based on a PKCS#10 certificate request. My idea is to use the P10 request as a way to transport the public key from the end user to the CA. Other necessary information should be added before cert generation. How can I do it?
The documentation mentions that it is possible to set the serial number and validity period of the certificate (and it works fine). But when I add, e.g., key usage:

TElX509CertificateEx cert = new TElX509CertificateEx(null);
cert.ValidFrom = DateTime.Now;
cert.ValidTo = DateTime.Now.AddDays(7);
string data = DateTime.UtcNow.ToString();
Guid g = Guid.NewGuid();
cert.SerialNumber = g.ToByteArray();

cert.Extensions.KeyUsage.Critical = true;
cert.Extensions.KeyUsage.DigitalSignature = true;
CACert.Generate(req, cert); //CACert is ca cert selected from windows store, req is a pkcs10 request loaded from byte buffer.

Actually nothing happens :). The certificate contains everything except key usage.
Could you send me any hint how to resolve my problem?
Any help will be appreciated.
Best regards,
Pawel.


-------------
Little update.
I resolved my problem with extensions. I've got to set the Extensions.Included flag in the ElCertificateExtensions class.

But how can I change subject dname?
#10573
Posted: 07/13/2009 04:48:23
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

Subject name can be set via the SubjectName or SubjectRDN properties of TElX509Certificate(Ex) class.
#10575
Posted: 07/13/2009 09:25:48
by Paweł Sałek (Basic support level)
Joined: 07/12/2009
Posts: 6

Thank you for your answer.

I'm afraid that changes to TElX509CertificateEx SubjectRDN don't work. Actually, this code:

TElX509CertificateEx cert = new TElX509CertificateEx(null);
cert.ValidFrom = DateTime.Now;
cert.ValidTo = DateTime.Now.AddDays(7);

req.Subject.Clear(); //removes subject dname from request.

cert.SubjectRDN.Count = 2;
cert.SubjectRDN.set_OIDs(0, SBUtils.Unit.SB_CERT_OID_COUNTRY);
cert.SubjectRDN.set_Values(0, SBUtils.Unit.BytesOfString("US"));
cert.SubjectRDN.set_Tags(0, SBASN1Tree.Unit.SB_ASN1_UTF8STRING);
cert.SubjectRDN.set_OIDs(1, SBUtils.Unit.SB_CERT_OID_COMMON_NAME);
cert.SubjectRDN.set_Values(1, SBUtils.Unit.BytesOfString("Test"));
cert.SubjectRDN.set_Tags(1, SBASN1Tree.Unit.SB_ASN1_UTF8STRING);

throws System.IndexOutOfRangeException exception in Generate method.

I've found that there are two ways to achieve my goal:
1. use SetSubject (TName) method in TElX509CertificateEx and set TName attributes - it works, but it is not good enough (lack of given name and surname attributes).

2. change SubjectRDN in TElCertificateRequest - it works fine for me.

Well, I think that my problem is resolved.

Regards,

Pawel.
#10576
Posted: 07/13/2009 09:32:58
by Ken Ivanov (EldoS Corp.)

If the certificate is generated from a request, then the subject name values set via the SubjectRDN property are ignored. The name is actually taken from the request in this case.
#10577
Posted: 07/13/2009 11:33:11
by Paweł Sałek (Basic support level)
Joined: 07/12/2009
Posts: 6

Thank you for your help and suggestions.

Regards,

Pawel.
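
The goal stated in the first post (take only the public key from the PKCS#10 and let the CA decide subject, key usage, validity and serial), as an added example that is not part of the original posts and does not use SecureBlackbox: it uses .NET's built-in CertificateRequest class (.NET 7 or later). The CA, the end-user key, the helper name IssueFromRequest and all names in the certificates are constructed sample values.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Constructed sample CA; stands in for the CA certificate selected from the Windows store.
using ECDsa caKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);
var caReq = new CertificateRequest("CN=Example Test CA", caKey, HashAlgorithmName.SHA256);
caReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
using X509Certificate2 caCert = caReq.CreateSelfSigned(
    DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(1));

// Constructed sample PKCS#10 from the end user; its subject is whatever the requester chose.
using ECDsa userKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);
byte[] pkcs10 = new CertificateRequest("CN=name chosen by requester", userKey,
    HashAlgorithmName.SHA256).CreateSigningRequest();

// Subject values taken from the thread (C=US, CN=Test), set by the CA.
using X509Certificate2 issued = IssueFromRequest(
    pkcs10, caCert, new X500DistinguishedName("CN=Test, C=US"));
Console.WriteLine($"Subject: {issued.Subject}");
Console.WriteLine($"Issuer:  {issued.Issuer}");
foreach (X509Extension ext in issued.Extensions)
    Console.WriteLine($"Extension {ext.Oid?.Value} critical={ext.Critical}");

// Hypothetical helper: issues a certificate for the key in the request,
// ignoring the subject and extensions the requester asked for.
static X509Certificate2 IssueFromRequest(
    byte[] pkcs10, X509Certificate2 caCert, X500DistinguishedName subject)
{
    // Default load options verify the request's self-signature (proof of
    // possession) and do not copy the extensions the requester asked for.
    CertificateRequest parsed =
        CertificateRequest.LoadSigningRequest(pkcs10, HashAlgorithmName.SHA256);

    // Only the public key is carried over; everything else is CA policy.
    var toIssue = new CertificateRequest(subject, parsed.PublicKey, HashAlgorithmName.SHA256);
    toIssue.CertificateExtensions.Add(
        new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
    toIssue.CertificateExtensions.Add(
        new X509BasicConstraintsExtension(false, false, 0, true));

    byte[] serial = RandomNumberGenerator.GetBytes(16);
    serial[0] &= 0x7F; // top bit cleared so the serial encodes as a positive INTEGER
    return toIssue.Create(caCert, DateTimeOffset.UtcNow,
        DateTimeOffset.UtcNow.AddDays(7), serial);
}
```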

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
