Create certificate from certificate request
Certificate requests are widely used for remote signing of certificates. An entity that wants a CA-issued certificate generates a keypair and puts the public key, together with its identity information (organization name, country, common name, etc.), into a specially formatted document called a certificate request. The request is signed with the entity's private key and sent to the CA. The CA validates that signature with the public key enclosed in the request. If the signature is correct, the CA generates a certificate from the provided identity information and signs it with its own private key. It then sends the new certificate to the requester.
The CA takes the following steps to process an incoming request and generate a certificate.

Load the request (here from a stream) and validate its signature. Only a request whose signature verifies with the enclosed public key should be processed further, since that signature is the requester's proof that it holds the matching private key:

TElCertificateRequest req = new TElCertificateRequest();
req.LoadFromStream(reqStream);
bool valid = req.ValidateSignature();
if (!valid)
    throw new Exception("Certificate request signature is invalid; refusing to issue a certificate.");

Load the CA certificate together with its private key (a password-protected PFX file in this example):

TElX509CertificateEx cacert = new TElX509CertificateEx();
cacert.LoadFromFileAuto("cacert.pfx", "password");

Create the new certificate object and set its validity period and extensions. Here the certificate is valid for two years from now and carries a Key Usage extension that permits digital signatures only:

TElX509CertificateEx cert = new TElX509CertificateEx();
cert.ValidFrom = DateTime.UtcNow;
cert.ValidTo = DateTime.UtcNow.AddYears(2);
cert.Extensions.Included = SBX509Ext.Unit.ceKeyUsage;           // include only the Key Usage extension
cert.Extensions.KeyUsage = SBX509Ext.Unit.kuDigitalSignature;   // permit digital signatures only
There is no need to set the subject and issuer fields: the subject information is taken from the corresponding fields of the request, and the issuer information is taken from the CA certificate.
Generate the certificate. The hash algorithm used for the signature is taken from the CA certificate's PreferredHashAlgorithm property, so set it before Generate() is called:

cacert.PreferredHashAlgorithm = SBConstants.Unit.SB_ALGORITHM_DGST_SHA256;
cacert.Generate(req, cert);
Finally, save the certificate to a file; here it is written in DER format:

cert.SaveToFile("cert.cer", "", TSBCertFileFormat.cfDER);

The certificate can now be sent to the requester.
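The complete CA-side flow described above, as an added example that is not SecureBlackbox code: it uses Python's cryptography package so it runs stand-alone, with a constructed self-signed CA and a constructed requester standing in for cacert.pfx and the incoming request stream. It refuses a request whose self-signature fails, takes the subject from the request and the issuer from the CA certificate, sets the two-year validity and digitalSignature key usage, signs with SHA-256, and returns DER; check_issued shows what a verifier then sees.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

def make_ca():  # constructed self-signed CA with its private key; stands in for cacert.pfx in the text
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Test CA")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name).public_key(key.public_key())
            .serial_number(x509.random_serial_number()).not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(days=3650)).sign(key, hashes.SHA256()))
    return key, cert

def make_request(cn="requester.example"):  # requester: fresh keypair, identity in the CSR, signed with its key
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    subject = x509.Name([x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Example Org"),
                         x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    csr = x509.CertificateSigningRequestBuilder().subject_name(subject).sign(key, hashes.SHA256())
    return key, csr.public_bytes(serialization.Encoding.DER)

def issue_certificate(csr_der, ca_key, ca_cert):
    """CA side: returns the new certificate as DER, or None when the CSR self-signature fails."""
    req = x509.load_der_x509_csr(csr_der)
    if not req.is_signature_valid:  # the requester must prove possession of the private key
        return None
    now = datetime.datetime.now(datetime.timezone.utc)
    key_usage = x509.KeyUsage(digital_signature=True, content_commitment=False, key_encipherment=False,
                              data_encipherment=False, key_agreement=False, key_cert_sign=False,
                              crl_sign=False, encipher_only=False, decipher_only=False)
    cert = (x509.CertificateBuilder()
            .subject_name(req.subject).issuer_name(ca_cert.subject)  # subject from CSR, issuer from CA
            .public_key(req.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=730))  # two years
            .add_extension(key_usage, critical=True).sign(ca_key, hashes.SHA256()))  # CA picks the hash
    return cert.public_bytes(serialization.Encoding.DER)

def check_issued(cert_der, ca_cert):  # what a verifier sees: names, key usage, hash, CA signature
    cert = x509.load_der_x509_certificate(cert_der)
    try:
        ca_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                    padding.PKCS1v15(), cert.signature_hash_algorithm)
        signed_by_ca = True
    except InvalidSignature:
        signed_by_ca = False
    ku = cert.extensions.get_extension_for_class(x509.KeyUsage).value
    return {"subject": cert.subject.rfc4514_string(), "issuer": cert.issuer.rfc4514_string(), "signed_by_ca": signed_by_ca,
            "digital_signature": ku.digital_signature, "hash": cert.signature_hash_algorithm.name}
```

Tampering with any byte of the request's signed part (for instance, editing the common name in the DER) makes is_signature_valid false and the CA issues nothing.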