Solved

How do I obtain "PKI serial identifier" from certificate using Delphi, Indy, OpenSSL?

Posted on 2010-08-15
3
1,103 Views
Last Modified: 2013-11-23
Hi all,

Thanks for looking. Please excuse newbie mistakes and inelegance.

I have a specification for an internet service that verifies documents that I need to fulfill.  I have been given what I understand to be an X509 certificate (comprised of two sections marked CERTIFICATE and PRIVATE KEY) for development purposes.

Using Delphi 2005, Indy 10.2.3, the OpenSSL dlls (10.0.0a), and an import of libeay32 by Eric Young, I have (I believe) loaded the private key and certificate elements correctly.  Later, I use the private key to create an MD5 hash that I convert to base-64 as a signature.

In order to interpret this signature, the specification has a record that it described as the Certificate Identifier.  It contains information such as the distinguished names, hash algorithm etc.  

I also need one of two kinds of identifier - and this is the crux of my question - how do I obtain either or (ideally) both of these values (which I am told can be extracted from the certificate)?

Option1 : 17 character numeric field, described as a Verisign certificate identifier.

Option2: A hex string (the spec allows for up to 200 characters).

My understanding is that Option2 is a replacement/newer version of Option 1 from the certification agencies, so if it is an either/or thing, Option 2 is preferred.

Below is my code loading the key and certificate and obtaining a value.  Any of these steps may be suspect.  The value I get at the end is 224 characters long, which is too long - the server rejects it on that basis.

Code examples much appreciated.  Thanks in advance,

lordirish

Code extract:



const
    CERTFILE = 'Test';

var
    KeyFile : pBIO;
    TheKey : pEVP_PKEY;
    TheCert : pX509;
    TheValue   : string;

procedure LoadTheCertAndKeyAndGetValue;

    function CallBackFn(buffer: PChar; blength: integer; verify: integer; data: pointer): integer; cdecl;
    var
        Passphrase: String;
    begin
        Result := 0;
        StrPCopy(buffer, CERTFILE);
        Result := Length(CERTFILE);
    end;

var
    TempASN  : pASN1_Integer;
    TempPAC  : PAnsiChar;
    //
    iLoop    : integer;
    x1         : pEVP_PKEY;
    x2         : pX509;
begin
    KeyFile := BIO_new(BIO_s_file());
    BIO_read_filename(KeyFile, PAnsiChar(ExtractFilePath(ParamStr(0)) + CERTFILE + '.key'));
    x1 := nil;
    TheKey  := PEM_read_bio_PrivateKey(KeyFile, x1, @CallBackFn, self);
    //
    KeyFile := BIO_new(BIO_s_file());
    BIO_read_filename(KeyFile, PAnsiChar(ExtractFilePath(ParamStr(0)) + CERTFILE + '.key'));
    x2 := nil;
    TheCert :=  PEM_read_bio_X509(KeyFile, x2, @CallBackFn, self);
    //
    TempASN := X509_get_serialNumber(TheCert);
    TempPAC := TempASN.data;
    TheValue := '';
    for iLoop := 1 to Length(TempPAC) do
        TheValue := TheValue + IntToHex(Ord(TempPAC[iLoop]), 2);
end;

Open in new window

0
Comment
Question by:lordirish
3 Comments
 
LVL 8

Accepted Solution

by:
GeneralTackett earned 500 total points
ID: 33468531
There is a good section about this at the atozed/ intraweb site.  I also believe you can find it at the indy site just look for ssh and such it is in there it leads to a few tools where you can self publish.  it is rather lengthy to post here.  If you cant find it I will look and post a link.
0
 

Author Closing Comment

by:lordirish
ID: 33508122
Thanks, GeneralTackett.  Apologies for slow response, fell quite ill a couple of days after posting.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

So you need a certificate so you can offer SSL encryption.  But which one should you get?  There are so many choices out there! Here is a generic overview of the main types of SSL certificates sold by the majority of commercial Certification Auth…
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question