EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElCertificateRequest question

Also by EldoS: Rethync
The cross-platform framework that simplifies synchronizing data between mobile and desktop applications and servers and cloud storages
Posted: 02/11/2016 15:31:32
by Daniel Schaer (Standard support level)
Joined: 02/16/2012
Posts: 44


I have to build a .CSR with some needed parameters; using openssl, the command is:

openssl req -new -key privada -subj "/C=AR/O=subj_o/CN=subj_cn/serialNumber=CUIT subj_cuit" -out pedido

How do I emulate this parateter structure with TElCertificateRequest? I tried this way (but it is not accepted):

Request.Subject.Count := 4;

Request.Subject.Values[0] := BytesOfString('AR');
Request.Subject.OIDs[0] := BytesOfString('C');

Request.Subject.Values[1] := BytesOfString(sEMIS));
Request.Subject.OIDs[1] := BytesOfString('O');

Request.Subject.Values[2] := BytesOfString(sNomb);
Request.Subject.OIDs[2] := BytesOfString('CN');

Request.Subject.Values[3] := BytesOfString('CUIT ' + sCUIT);
Request.Subject.OIDs[3] := BytesOfString('serialNumber');

Thank you very much!
Posted: 02/11/2016 15:50:55
by Eugene Mayevski (EldoS Corp.)

1) You need to first set an OID, then the value
2) OIDs are literally OIDs (binary constants), not strings in any form. OIDs you need are SB_CERT_OID_* and they are defined in SBConstants.pas.

Please refer to SecureBlackbox\Samples\PKIBlackbox\CertificatesWithGenerator sample for an example of setting OIDs properly.

Sincerely yours
Eugene Mayevski
Posted: 02/12/2016 07:04:37
by Daniel Schaer (Standard support level)
Joined: 02/16/2012
Posts: 44

Thank you, but the point is, I don´t understand what do I have to do to convert this openssl command, specially this:

-subj "/C=AR/O=subj_o/CN=subj_cn/serialNumber=CUIT subj_cuit"

I don´t know if I have to move this all to one OID (and in this case which one), or if I have to pass this values in any other way.
Posted: 02/12/2016 07:28:51
by Ken Ivanov (EldoS Corp.)

Hi Daniel,

What you have in the -subj parameter is a string representation of an RDN structure. Each /XXX=YYY entry corresponds to a single RDN value, which should be stored in a separate RDN key. In your case the code will looks like the following:

Request.Subject.Count := 4;

Request.Subject.OIDs[0] := SB_CERT_OID_COUNTRY;
Request.Subject.Values[0] := StrToUTF8('AR');
Request.Subject.Tags[0] := SB_ASN1_PRINTABLESTRING;

Request.Subject.OIDs[1] := SB_CERT_OID_ORGANIZATION;
Request.Subject.Values[1] := StrToUTF8('subj_o');
Request.Subject.Tags[1] := SB_ASN1_PRINTABLESTRING;

Request.Subject.OIDs[2] := SB_CERT_OID_COMMON_NAME;
Request.Subject.Values[2] := StrToUTF8('subj_cn');
Request.Subject.Tags[2] := SB_ASN1_PRINTABLESTRING;

Request.Subject.OIDs[3] := SB_CERT_OID_SERIAL_NUMBER;
Request.Subject.Values[3] := StrToUTF8('CUIT ' + sCUIT);
Request.Subject.Tags[3] := SB_ASN1_PRINTABLESTRING;

Posted: 02/12/2016 12:34:33
by Daniel Schaer (Standard support level)
Joined: 02/16/2012
Posts: 44

Hi Ken;

Your code works very well, thank you very much!.

Best regards.
Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.



Topic viewed 2174 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!