Request certificate to CA

11/26/2010 3:09:44 PM
Total Posts 26

Request certificate to CA

Is it possible to request a certificate from a Microsoft CA with your library? Thank you very much in advance.

11/26/2010 6:04:03 PM
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: Request certificate to CA

There are several steps to request a certificate from a CA, including a Microsoft CA:

1) Generating a self-signed PKCS#10 request

2) Sending the request to the CA

3) Downloading the issued certificate

4) Uploading the certificate to the token/HSM

You need NCryptoki in steps 1 and 4:
In step 1 you call NCryptoki to collect the information you need to create the PKCS#10 and to sign it.
In step 4 you call NCryptoki to import the issued certificate into the token.

Regards,

Ugo Chirico
http://www.cryptware.it

12/1/2010 4:01:11 PM
Total Posts 26

Re: Request certificate to CA

Ugo, do you have an example in Visual Basic .NET for point 1)? Thank you very much in advance.

12/2/2010 11:32:58 AM
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: Request certificate to CA

I don't have a piece of code to generate a PKCS#10 at the moment. I should prepare it from scratch and publish it on the NCryptoki wiki.
Give me one day to do that...

Regards,

Ugo

 

12/3/2010 7:49:00 PM
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: Request certificate to CA

Hi,

This is a piece of code in VB.NET that generates a PKCS#10 certification request.

It uses BouncyCastle to handle ASN.1 DER encoding.

Imports Cryptware.NCryptoki ' Session, Mechanism, RSAPrivateKey, RSAPublicKey
Imports Org.BouncyCastle.Asn1.X509
Imports Org.BouncyCastle.Asn1.X500
Imports Org.BouncyCastle.Asn1.Pkcs
Imports Org.BouncyCastle.Asn1
Imports Org.BouncyCastle.X509
Imports Org.BouncyCastle.Math

Function generatePKCS10CertificationRequest(ByVal distinguishedName As String, ByVal priKey As RSAPrivateKey, ByVal pubKey As RSAPublicKey, ByVal session As Session) As Byte()

    ' Subject name and RSA public key, both read from the token objects
    Dim subject As X509Name = New X509Name(distinguishedName)
    Dim pk As RsaPublicKeyStructure = New RsaPublicKeyStructure(New BigInteger(1, pubKey.Modulus), New BigInteger(1, pubKey.PublicExponent))

    ' SubjectPublicKeyInfo names the key algorithm, so its AlgorithmIdentifier
    ' is rsaEncryption (not a digest OID such as SHA-1)
    Dim spkInfo As SubjectPublicKeyInfo = New SubjectPublicKeyInfo(New AlgorithmIdentifier(PkcsObjectIdentifiers.RsaEncryption, DerNull.Instance), pk.GetDerEncoded())

    ' CertificationRequestInfo without attributes; its DER encoding is what gets signed
    Dim reqInfo As CertificationRequestInfo = New CertificationRequestInfo(subject, spkInfo, Nothing)

    Dim toSign As Byte() = reqInfo.GetDerEncoded()

    ' The private key never leaves the token: hashing and signing happen via PKCS#11
    session.SignInit(Mechanism.SHA1_RSA_PKCS, priKey)

    Dim signature As Byte() = session.Sign(toSign)

    ' The signature AlgorithmIdentifier must match the mechanism passed to SignInit
    Dim pkcs10 As CertificationRequest = New CertificationRequest(reqInfo, New AlgorithmIdentifier(PkcsObjectIdentifiers.Sha1WithRsaEncryption, DerNull.Instance), New DerBitString(signature))

    Return pkcs10.GetDerEncoded()

End Function

 

Let me know...

Regards,

Ugo
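
Added example, not part of the original thread and not NCryptoki's own code: a check to run on the bytes returned by generatePKCS10CertificationRequest before step 2, confirming that the request parses, that its SubjectPublicKeyInfo names rsaEncryption, and that the token-made signature verifies against the embedded public key, then wrapping the DER in PEM armor. The names CsrPreflight, CheckCsr and ToPem are hypothetical, and the property names assume BouncyCastle C# 1.8 or later.

```vbnet
Imports System
Imports Org.BouncyCastle.Asn1.Pkcs
Imports Org.BouncyCastle.Pkcs

Module CsrPreflight

    ' Returns Nothing when the DER-encoded PKCS#10 passes every check,
    ' otherwise a short description of the first problem found.
    Function CheckCsr(ByVal der As Byte()) As String
        Try
            Dim req As New Pkcs10CertificationRequest(der)
            Dim info As CertificationRequestInfo = req.GetCertificationRequestInfo()

            ' SubjectPublicKeyInfo must name the key algorithm (rsaEncryption),
            ' not a digest or signature algorithm.
            If Not info.SubjectPublicKeyInfo.AlgorithmID.Algorithm.Equals(PkcsObjectIdentifiers.RsaEncryption) Then
                Return "SubjectPublicKeyInfo algorithm is not rsaEncryption"
            End If

            ' Verify() checks the signature over CertificationRequestInfo with the
            ' embedded public key, i.e. that the matching private key signed it.
            If Not req.Verify() Then
                Return "signature does not verify against the embedded public key"
            End If

            Return Nothing
        Catch ex As Exception
            ' Malformed DER or an undecodable key surfaces as an exception.
            Return "not a usable PKCS#10: " & ex.Message
        End Try
    End Function

    ' Wraps the DER bytes in the PEM armor used for Base64 PKCS#10 request files.
    Function ToPem(ByVal der As Byte()) As String
        Return "-----BEGIN CERTIFICATE REQUEST-----" & Environment.NewLine &
               Convert.ToBase64String(der, Base64FormattingOptions.InsertLineBreaks) & Environment.NewLine &
               "-----END CERTIFICATE REQUEST-----" & Environment.NewLine
    End Function

End Module
```

Call CheckCsr first and submit the output of ToPem only when it returns Nothing; a failure here usually means the wrong key pair was passed or an AlgorithmIdentifier does not match what was actually signed.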