X509_CertRequest creates a PKCS #10 certificate signing request (CSR)
using the subject's private key file.
Public Declare Function X509_CertRequest Lib "diCrPKI.dll" _
    (ByVal strReqFile As String, ByVal strEpkFile As String, _
    ByVal strDistName As String, ByVal strReserved As String, _
    ByVal strPassword As String, ByVal nOptions As Long) As Long
nRet = X509_CertRequest(strReqFile, _
    strEpkFile, strDistName, strReserved, strPassword, nOptions)
strReqFile: String with name of new certificate request file to be created.
strEpkFile: String with name of subject's encrypted private key file.
strDistName: String specifying the subject's distinguished name as a set of attribute key=value pairs. See Specifying Distinguished Names for more details.
strReserved: String reserved for future upgrades. Set to empty ("") or NULL.
strPassword: String containing password for Subject's encrypted private key file.
nOptions: Long Option flags.
Choose one signature algorithm from:
    sha1WithRSAEncryption (default)
    md5WithRSAEncryption
    md2WithRSAEncryption
    sha256WithRSAEncryption
    sha384WithRSAEncryption
    sha512WithRSAEncryption
    sha224WithRSAEncryption
UTF8String (default = PrintableString)
long _stdcall X509_CertRequest(const char *reqfile, const char *epkfile,
const char *distName, const char *reserved, const char *password, long optionFlags);
Long: If successful, the return value is zero;
otherwise it returns a non-zero error code.
The default output is a base64 PEM format CSR file ready for sending to the issuer of your choice. Any existing file of the same name will be overwritten without warning. The output from this function has been tested successfully with VeriSign's test facility (where the distinguished name complied with VeriSign's requirements).
This example will create a new certificate request with filename C:\Test\myreq.txt
for the subject with common name "myuser", etc.
The subject's encrypted private key is in the file C:\Test\mykey.epk and has
the password "password". The certificate request will be signed with the subject's private key
using the default sha1WithRSAEncryption algorithm.
Dim nRet As Long
nRet = X509_CertRequest("C:\Test\myreq.txt", "C:\Test\mykey.epk", _
"CN=myuser;O=Test Org;C=AU;L=Sydney;S=NSW", "", "password", 0)
If nRet <> 0 Then
Debug.Print nRet & " " & pkiGetLastError()
Else
Debug.Print "Success"
End If
This should produce an output file similar to:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBGjCBxQIBADBQMQ8wDQYDVQQDEwZteXVzZXIxETAPBgNVBAoTCFRlc3QgT3Jn
MQswCQYDVQQGEwJBVTEPMA0GA1UECBMGU3lkbmV5MQwwCgYDVQQHEwNOU1cwWjAN
BgkqhkiG9w0BAQEFAANJADBGAkEAvdci5sKarpPzljBVVxJfGEfBOvjxlgFYOg1x
xEEG9Xbilxgl3kTfIrA4KqNmGdEKPksbHXNuxXkwaaAld3bBHQIBA6ASMBAGCisG
AQQBgjcCAQ4xAjAAMA0GCSqGSIb3DQEBBQUAA0EAtqie6G31yRcwJljEDdbeYd+w
5FvLd631nL//JuISFv6fl9B30WtHQtI1wuryVYZ6fRWZPpu9jZjs5gsnKFtiUg==
-----END NEW CERTIFICATE REQUEST-----
The next example duplicates the certificate request in Sections 3.1 to 3.3 of "Some Examples of the PKCS Standards"
[PKCS-EX].
It signs the request with the 508-bit private key stored in the file rsa508.epk,
which has the password "password". The signature algorithm is md2WithRSAEncryption
and the output is in binary format. Reproducing this example requires the non-strict "kludge".
The output should exactly match the CertificationRequest value in section 3.2 of PKCS-EX.
Dim nRet As Long
nRet = X509_CertRequest("C:\Test\pkcs_ex_req.bin", "C:\Test\rsa508.epk", _
"C=US;O=Example Organization;CN=Test User 1", "", "password", _
PKI_SIG_MD2RSA + PKI_X509_FORMAT_BIN + PKI_X509_REQ_KLUDGE)
If nRet <> 0 Then
Debug.Print nRet & " " & pkiGetLastError()
Else
Debug.Print "Success"
End If
Note that the distinguished name used in this example would not be acceptable at VeriSign's test facility.
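Before a request created by X509_CertRequest is sent to an issuer, it is worth confirming which signature algorithm and key size it actually carries, since the default is sha1WithRSAEncryption and the examples above use small keys. The following Python code is an added example, not part of the toolkit or its documentation: it parses the first sample CSR shown above with a minimal DER reader. The function names and the 2048-bit minimum are assumptions of this example.

```python
import base64, re
# CSR text copied from the example output on this page.
PEM = """-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBGjCBxQIBADBQMQ8wDQYDVQQDEwZteXVzZXIxETAPBgNVBAoTCFRlc3QgT3Jn
MQswCQYDVQQGEwJBVTEPMA0GA1UECBMGU3lkbmV5MQwwCgYDVQQHEwNOU1cwWjAN
BgkqhkiG9w0BAQEFAANJADBGAkEAvdci5sKarpPzljBVVxJfGEfBOvjxlgFYOg1x
xEEG9Xbilxgl3kTfIrA4KqNmGdEKPksbHXNuxXkwaaAld3bBHQIBA6ASMBAGCisG
AQQBgjcCAQ4xAjAAMA0GCSqGSIb3DQEBBQUAA0EAtqie6G31yRcwJljEDdbeYd+w
5FvLd631nL//JuISFv6fl9B30WtHQtI1wuryVYZ6fRWZPpu9jZjs5gsnKFtiUg==
-----END NEW CERTIFICATE REQUEST-----"""

PKCS1 = "1.2.840.113549.1.1."  # OID arc shared by the RSA signature algorithms
SIG_NAMES = {PKCS1 + k: h + "WithRSAEncryption" for k, h in [
    ("2", "md2"), ("4", "md5"), ("5", "sha1"), ("11", "sha256"),
    ("12", "sha384"), ("13", "sha512"), ("14", "sha224")]}
WEAK = ("md2", "md5", "sha1")  # hashes deprecated for signatures

def kids(buf):  # split DER bytes into (tag, value) pairs, one per element
    out, pos = [], 0
    while pos < len(buf):
        tag, n, pos = buf[pos], buf[pos + 1], pos + 2
        if n & 0x80:  # long-form length: low 7 bits give the byte count
            k = n & 0x7F
            n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
        if pos + n > len(buf):
            raise ValueError("malformed DER length")
        out.append((tag, buf[pos:pos + n]))
        pos += n
    return out

def oid_str(b):  # decode OID content bytes into dotted form
    arcs, v = [b[0] // 40, b[0] % 40], 0
    for c in b[1:]:
        v = (v << 7) | (c & 0x7F)
        if not c & 0x80:
            arcs, v = arcs + [v], 0
    return ".".join(map(str, arcs))

def audit_csr(pem, min_bits=2048):  # min_bits is this example's assumed policy
    der = base64.b64decode(re.sub(r"-----[^-]+-----|\s", "", pem))
    info, sigalg, _sig = kids(kids(der)[0][1])  # CertificationRequest fields
    spki = kids(info[1])[2][1]  # third field, after version and subject
    rsa_key = kids(spki)[1][1][1:]  # BIT STRING minus its unused-bits byte
    modulus = kids(kids(rsa_key)[0][1])[0][1]
    bits = int.from_bytes(modulus, "big").bit_length()
    name = SIG_NAMES.get(oid_str(kids(sigalg[1])[0][1]), "unknown")
    findings = [f"weak signature hash: {name}"] if name.startswith(WEAK) else []
    if bits < min_bits:
        findings.append(f"RSA modulus is {bits} bits, below {min_bits}")
    return {"sig_alg": name, "rsa_bits": bits, "findings": findings}
```

Calling audit_csr(PEM) on the sample returns the algorithm name, the modulus size in bits, and a list of findings; a binary-format request can be checked the same way by passing its bytes to kids() directly.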