Eric Winfly 0 Posted 19 hours ago

I use TSslCertTools for generating a KeyPair and Certificate CSR, but I have a problem with the Subject variable. I can't find a way to specify GN= and SN= because I only see the general variables like this:

```cpp
TSslCertTools *Tool = new TSslCertTools(NULL);
Tool->CommonName = "Common Name";
Tool->Organization = "Org";
Tool->OrgUnit = "Org Unit";
Tool->Locality = "Montreal";
Tool->State = "QC";
Tool->Country = "CA";
```

I have searched all the source code for an Extended option or Subject line to specify my own data, but found nothing.
Angus Robertson 656 Posted 5 hours ago

You should look at the OverbyteIcsPemtool sample; the 'New Certificate Properties' tab has settings for all the subject items, basic and extended usage, key usage, etc.

However, these settings are primarily for server and computer certificates. If you need givenName and surName, I assume you are getting personal certificates from somewhere?

Angus
Eric Winfly 0 Posted 3 hours ago

I see only the GetNameEntryByNid(TRUE, NID_givenName) in ListCertDetail, but I see nothing about the opposite, a SetNameEntryByNid(TRUE, NID_givenName, String) example?

I found no Edit box or other related component in the PemTool sample.

Can you copy some code for setting the givenName and surName? These are the only things I need for my Cert Req. And yes, the calling server returns me the Signed Certificate, but it asks for these 2 subject items.

Thanks

Eric
Kas Ob. 147 Posted 2 hours ago

52 minutes ago, Eric Winfly said:

> I see only the GetNameEntryByNid(TRUE, NID_givenName) in ListCertDetail, but I see nothing about the opposite, a SetNameEntryByNid(TRUE, NID_givenName, String) example?

I highly recommend using OIDs instead of NIDs: they are documented, there are so many internet resources and DBs that populate them, and most importantly you can find the needed entry by its OID from any certificate or CSR.

On this page there are a few lines on how to convert an OID in its text-formatted syntax into an OBJ:

https://docs.openssl.org/1.0.2/man3/OBJ_nid2obj/#examples

Then use the OBJ instead of the NID, as there are equivalent APIs for each of them.

Also an important note here: "Set" might not be acting as "Add", and I can't find details about this, but if there is an Add then it should be used, rather than depending on Set.

Translated from C++, this code might work. I say might as I didn't test it, just translated it:

```pascal
// Create ASN1_OBJECT for givenName OID 2.5.4.42
objGivenName := OBJ_txt2obj(PAnsiChar(AnsiString('2.5.4.42')), 1);
if objGivenName = nil then
  raise Exception.Create('Failed to create ASN1_OBJECT for givenName(2.5.4.42)');

X509_NAME_add_entry_by_OBJ(name, objGivenName, MBSTRING_ASC, PBYTE(AnsiString('John')), -1, -1, 0);
ASN1_OBJECT_free(objGivenName);
```

Now, as a suggestion for Angus: it might be useful to add generic functions for this. This will be future proof, allowing any non-essential entries or exotic objects to be added or enumerated; in other words, allowing customization in its purest way.

It could use NID, Text and OID. Implement it once and it can be used whenever a request like this pops up. Then the solution is easy: find the OID (or text) for the entry, then add it or read it using the custom entry access.

givenName = 2.5.4.42
surname = 2.5.4.4

https://oid-base.com/cgi-bin/display?oid=2.5.4.4&submit=Display&action=display
https://oid-base.com/cgi-bin/display?oid=2.5.4.42&submit=Display&action=display

Using NID is also nice, but only if it is already known and declared in the OpenSSL Pascal headers, so it will be limited.
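The lookup-by-OID point from the post above, as an added example that is not code from any poster, ICS or OpenSSL: a small Python DER walker that checks whether a subject Name carries givenName (2.5.4.42) and surname (2.5.4.4). The function names are hypothetical, the sample bytes are constructed, and it assumes the attribute values are ASCII/UTF-8 string types.

```python
GIVEN_NAME, SURNAME = "2.5.4.42", "2.5.4.4"    # OIDs quoted in the thread
# Constructed sample: DER subject Name with CN=John Doe, GN=John, SN=Doe.
SUBJECT = bytes.fromhex(
    "3030"
    "3111300f06035504030c084a6f686e20446f65"   # commonName 2.5.4.3
    "310d300b060355042a0c044a6f686e"           # givenName  2.5.4.42 -> 55 04 2a
    "310c300a06035504040c03446f65")            # surname    2.5.4.4  -> 55 04 04
# Constructed sample: the same subject without the givenName RDN.
NO_GN = bytes.fromhex(
    "3021"
    "3111300f06035504030c084a6f686e20446f65"
    "310c300a06035504040c03446f65")

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER TLV starting at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                       # long-form length: low 7 bits = byte count
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def decode_oid(body):
    """OBJECT IDENTIFIER content bytes -> dotted text (base-128 arcs)."""
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:               # high bit clear marks the last byte of an arc
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_name(der):
    """DER Name (SEQUENCE OF SET OF SEQUENCE {OID, string}) -> [(oid, text)]."""
    out, pos, (_, rdns, _) = [], 0, read_tlv(der, 0)
    while pos < len(rdns):
        _, rdn, pos = read_tlv(rdns, pos)
        inner = 0
        while inner < len(rdn):        # an RDN SET may hold several attributes
            _, atv, inner = read_tlv(rdn, inner)
            _, oid, nxt = read_tlv(atv, 0)
            _, val, _ = read_tlv(atv, nxt)
            out.append((decode_oid(oid), val.decode("utf-8")))
    return out

def missing_attrs(der, required=(GIVEN_NAME, SURNAME)):
    """List the required attribute OIDs that the subject does not carry."""
    present = {oid for oid, _ in parse_name(der)}
    return [oid for oid in required if oid not in present]
```

`missing_attrs(SUBJECT)` returns an empty list, while `missing_attrs(NO_GN)` reports `2.5.4.42`, the kind of check a CA could apply before accepting a request.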
Angus Robertson 656 Posted 1 hour ago

The PemTool sample does not have edit boxes for surname or given name, because you are the first to request them. Most personal certificates are issued for email addresses, not people. I'd like to see an example with names.

You should be able to add a couple of lines in TSslCertTools.DoCertReqProps, plus the properties to add them:

```pascal
AddNameEntryByTxt(SubjName, 'GN', MyGN);
AddNameEntryByTxt(SubjName, 'SN', MySN);
```

I will do this in the next week or so.

Angus