Name
xenc_x509_from_csr — Generate x509 certificate from CSR.
Synopsis
varchar xenc_x509_from_csr ( |
in ca_key_name varchar , |
| in cli_key_name varchar , | |
| in csr_str varchar , | |
| in serial_no varchar , | |
| in days_validity varchar , | |
in hours_validity varchar
); |
Description
This function generates Certificate Signing Request (CSR). The
function return 1 upon success, sql error on failure. The new
certificate can be exported in PEM format with xenc_pem_export(cli_key_name) .
Parameters
ca_key_name
The name of CA private key which will be used to sign certificate.
cli_key_name
The name of a key which will be created and will contains the client certificate.
csr_str
pem encoded CSR.
serial_no
Serial number.
days_validity
How many days will be valid the certificate.
hours_validity
How many hours will be valid the certificate.
Return Types
the function returns 1 upon success, sql error on failure.
Errors
Table24.120.Errors signalled
by xenc_x509_from_csr
| SQLState | Error Code | Error Text | Description |
|---|---|---|---|
| 22023 | XECXX | The key [name of the key] already exists | |
| 22023 | XECXX | Missing or invalid signer certificate | |
| 22023 | XECXX | Invalid certificate request | |
| 22023 | XECXX | Invalid certificate request public key | |
| 22023 | XECXX | Signature did not match the certificate request | |
| 22023 | XECXX | Invalid certificate request subject name | |
| 42000 | XECXX | Can not create x.509 structure | |
| 42000 | XECXX | Can not sign certificate | |
| 42000 | XECXX | The type of public key is not supported mus tbe RSA or DSA | |
| 42000 | XECXX | Can not create a key | |
| 42000 | XECXX | Can not sign certificate : [the sign error text] |
Example
Example24.486.Generating a Certificate Signing Request (CSR)
The following example demonstrates how to generate Certificate Signing Request (CSR).
SQL>create procedure csr_demo()
{
declare kname, cvalue varchar;
declare _key any;
declare _output int;
xenc_key_RSA_create ('RSAKey1', 1024);
_key := xenc_x509_csr_generate ('RSAKey1',
vector (
'CN', 'Demo user',
'C', 'US',
'O', 'OpenLink',
'OU', 'Accounts',
'emailAddress', 'demo@openlinksw.com'),
vector ('subjectAltName', 'URI: http://www.openlinksw.com/dataspace/person/demo#this', 'nsComment', 'Virtuoso Generated Certificate',
'authorityKeyIdentifier', 'keyid,issuer:always'));
xenc_x509_from_csr ('id_rsa', 'MyKey1', _key , sequence_next ('ca_id_rsa'), 365, 100);
return xenc_pem_export ('MyKey1');
}
;
Done. -- 0 msec.
SQL> select csr_demo();
temp2
VARCHAR
_______________________________________________________________________________
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIBEzANBgkqhkiG9w0BAQQFADBVMQswCQYDVQQIEwJvbDEL
MAkGA1UEChMCb2wxCzAJBgNVBAsTAm9sMQ0wCwYDVQQDEwRqb2huMR0wGwYJKoZI
hvcNAQkBFg5qb2huQGdtYWlsLmNvbTAeFw0xMTA2MDcxNTAxNDhaFw0xMjA2MTAx
OTAxNDhaMGsxEjAQBgNVBAMTCURlbW8gdXNlcjELMAkGA1UEBhMCVVMxETAPBgNV
BAoTCE9wZW5MaW5rMREwDwYDVQQLEwhBY2NvdW50czEiMCAGCSqGSIb3DQEJARYT
ZGVtb0BvcGVubGlua3N3LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
3Ma/MlMrGruwpDsW2D3iYA6sqFqldPsgx837dNJel8ZQu5/0Nyr5DCtAQNq6nWZo
0bezK9UIfAXEQXWt4S7IMPfTF6oCT85YDsQEEE/o1spsZ9Q7kXhKu3R3LNNiTxYr
TR4FSl361pUqyYngSMTxVWJxKnPW30p94i5QuQjLF1sCAwEAAaOBkjCBjzAdBgNV
HQ4EFgQUF5wTSXH98IqiaaxfVTNcui8p8SowPwYDVR0RBDgwNoY0aHR0cDovL3d3
dy5vcGVubGlua3N3LmNvbS9kYXRhc3BhY2UvcGVyc29uL2RlbW8jdGhpczAtBglg
hkgBhvhCAQ0EIBYeVmlydHVvc28gR2VuZXJhdGVkIENlcnRpZmljYXRlMA0GCSqG
SIb3DQEBBAUAA4IBAQCwSN3y6yeCNe+/izo5GwM+16cjmZkyMUYmAO62I6T62jmI
p0nYaVhJ9WV0ntVnx1H8/LKwrgyLlhXacVw4jyXwFMSo+YuONj+kKpobNH2cl+u1
+c0kJGbY/eS99S2D3JhL6n+QukvQIqhYniZ21wT1ugwpN2A7NtY+g925+vQBO0UH
0wQm3eQk8NADEjcqrmGmJcrK22jfaBNov+O2wvcZQM7WIKm98f/7So7kBN0BoRX8
7LRf3zIhp4f9fk1QDwlm9NgwgxARqNOfRuJU2YU1ICz88LbwM4XDeb+Mdr0YMNdU
6eYkCB4vKsVH+s1E8m67QZ8TGxpNZLYXLZZBdt86
-----END CERTIFICATE-----
1 Rows. -- 172 msec.