EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElCertificateRequest question

Posted: 02/11/2016 15:31:32
by Daniel Schaer (Standard support level)
Joined: 02/16/2012
Posts: 44


I have to build a .CSR with some needed parameters; using openssl, the command is:

openssl req -new -key privada -subj "/C=AR/O=subj_o/CN=subj_cn/serialNumber=CUIT subj_cuit" -out pedido

How do I emulate this parameter structure with TElCertificateRequest? I tried this way (but it is not accepted):

Request.Subject.Count := 4;

Request.Subject.Values[0] := BytesOfString('AR');
Request.Subject.OIDs[0] := BytesOfString('C');

Request.Subject.Values[1] := BytesOfString(sEMIS);
Request.Subject.OIDs[1] := BytesOfString('O');

Request.Subject.Values[2] := BytesOfString(sNomb);
Request.Subject.OIDs[2] := BytesOfString('CN');

Request.Subject.Values[3] := BytesOfString('CUIT ' + sCUIT);
Request.Subject.OIDs[3] := BytesOfString('serialNumber');

Thank you very much!
Posted: 02/11/2016 15:50:55
by Eugene Mayevski (Team)

1) You need to first set an OID, then the value
2) OIDs are literally OIDs (binary constants), not strings in any form. OIDs you need are SB_CERT_OID_* and they are defined in SBConstants.pas.

Please refer to SecureBlackbox\Samples\PKIBlackbox\CertificatesWithGenerator sample for an example of setting OIDs properly.

Sincerely yours
Eugene Mayevski
Posted: 02/12/2016 07:04:37
by Daniel Schaer (Standard support level)
Joined: 02/16/2012
Posts: 44

Thank you, but the point is, I don't understand what I have to do to convert this openssl command, especially this:

-subj "/C=AR/O=subj_o/CN=subj_cn/serialNumber=CUIT subj_cuit"

I don't know if I have to move this all to one OID (and in this case which one), or if I have to pass these values in any other way.
Posted: 02/12/2016 07:28:51
by Ken Ivanov (Team)

Hi Daniel,

What you have in the -subj parameter is a string representation of an RDN structure. Each /XXX=YYY entry corresponds to a single RDN value, which should be stored in a separate RDN key. In your case the code will look like the following:

Request.Subject.Count := 4;

Request.Subject.OIDs[0] := SB_CERT_OID_COUNTRY;
Request.Subject.Values[0] := StrToUTF8('AR');
Request.Subject.Tags[0] := SB_ASN1_PRINTABLESTRING;

Request.Subject.OIDs[1] := SB_CERT_OID_ORGANIZATION;
Request.Subject.Values[1] := StrToUTF8('subj_o');
Request.Subject.Tags[1] := SB_ASN1_PRINTABLESTRING;

Request.Subject.OIDs[2] := SB_CERT_OID_COMMON_NAME;
Request.Subject.Values[2] := StrToUTF8('subj_cn');
Request.Subject.Tags[2] := SB_ASN1_PRINTABLESTRING;

Request.Subject.OIDs[3] := SB_CERT_OID_SERIAL_NUMBER;
Request.Subject.Values[3] := StrToUTF8('CUIT ' + sCUIT);
Request.Subject.Tags[3] := SB_ASN1_PRINTABLESTRING;

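Added example (not part of the thread and not SecureBlackbox code): a stdlib-only Python sketch of what the answers above describe, turning each /XXX=YYY entry of the -subj string into its own RDN with a binary OID and a tagged string value. The function names, the sample CUIT value and the rule of falling back to UTF8String when a value does not fit the PrintableString character set are assumptions of this example.

```python
import re

# Dotted OIDs of the X.520 attribute types used in the thread's -subj string.
ATTR_OIDS = {"C": "2.5.4.6", "O": "2.5.4.10", "CN": "2.5.4.3", "serialNumber": "2.5.4.5"}
# PrintableString alphabet; note that '_' is not part of it.
PRINTABLE = re.compile(r"[A-Za-z0-9 '()+,\-./:=?]*\Z")
TAG_PRINTABLE, TAG_UTF8 = 0x13, 0x0C

def tlv(tag, body):
    """DER tag-length-value with short or long definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def oid_der(dotted):
    """Encode a dotted OID as the binary constant that goes into the request."""
    first, second, *rest = (int(p) for p in dotted.split("."))
    body = bytearray([40 * first + second])
    for arc in rest:
        chunk = [arc & 0x7F]              # base-128, least significant group first
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def parse_subj(subj):
    """Split '/C=AR/O=...' into (short name, value) pairs (no escaped '/' support)."""
    pairs = [tuple(part.split("=", 1)) for part in subj.split("/") if part]
    for pair in pairs:
        if len(pair) != 2 or pair[0] not in ATTR_OIDS:
            raise ValueError(f"cannot map RDN entry {pair!r} to an OID")
    return pairs

def encode_name(subj):
    """Build the DER Name: SEQUENCE of SET of SEQUENCE { OID, string }."""
    rdns = b""
    for key, value in parse_subj(subj):
        # Example's rule: PrintableString when the value fits, UTF8String otherwise.
        tag = TAG_PRINTABLE if PRINTABLE.match(value) else TAG_UTF8
        atv = tlv(0x30, oid_der(ATTR_OIDS[key]) + tlv(tag, value.encode("utf-8")))
        rdns += tlv(0x31, atv)
    return tlv(0x30, rdns)

# Constructed sample: same shape as the thread's subject, with a made-up CUIT value.
SAMPLE = "/C=AR/O=subj_o/CN=Example SA/serialNumber=CUIT 00000000000"

if __name__ == "__main__":
    print(encode_name(SAMPLE).hex())
```

The hex output can be compared byte for byte with the subject field of a request generated by either tool when checking that the RDN order, OIDs and string tags match.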
Posted: 02/12/2016 12:34:33
by Daniel Schaer (Standard support level)
Joined: 02/16/2012
Posts: 44

Hi Ken;

Your code works very well, thank you very much!

Best regards.


As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.