Solved

How do I obtain "PKI serial identifier" from certificate using Delphi, Indy, OpenSSL?

Posted on 2010-08-15
3
1,094 Views
Last Modified: 2013-11-23
Hi all,

Thanks for looking. Please excuse newbie mistakes and inelegance.

I have a specification for an internet service that verifies documents that I need to fulfill.  I have been given what I understand to be an X509 certificate (comprised of two sections marked CERTIFICATE and PRIVATE KEY) for development purposes.

Using Delphi 2005, Indy 10.2.3, the OpenSSL dlls (10.0.0a), and an import of libeay32 by Eric Young, I have (I believe) loaded the private key and certificate elements correctly.  Later, I use the private key to create an MD5 hash that I convert to base-64 as a signature.

In order to interpret this signature, the specification has a record that it described as the Certificate Identifier.  It contains information such as the distinguished names, hash algorithm etc.  

I also need one of two kinds of identifier - and this is the crux of my question - how do I obtain either or (ideally) both of these values (which I am told can be extracted from the certificate)?

Option1 : 17 character numeric field, described as a Verisign certificate identifier.

Option2: A hex string (the spec allows for up to 200 characters).

My understanding is that Option2 is a replacement/newer version of Option 1 from the certification agencies, so if it is an either/or thing, Option 2 is preferred.

Below is my code loading the key and certificate and obtaining a value.  Any of these steps may be suspect.  The value I get at the end is 224 characters long, which is too long - the server rejects it on that basis.

Code examples much appreciated.  Thanks in advance,

lordirish

Code extract:



const
    CERTFILE = 'Test';

var
    KeyFile : pBIO;
    TheKey : pEVP_PKEY;
    TheCert : pX509;
    TheValue   : string;

procedure LoadTheCertAndKeyAndGetValue;

    function CallBackFn(buffer: PChar; blength: integer; verify: integer; data: pointer): integer; cdecl;
    var
        Passphrase: String;
    begin
        Result := 0;
        StrPCopy(buffer, CERTFILE);
        Result := Length(CERTFILE);
    end;

var
    TempASN  : pASN1_Integer;
    TempPAC  : PAnsiChar;
    //
    iLoop    : integer;
    x1         : pEVP_PKEY;
    x2         : pX509;
begin
    KeyFile := BIO_new(BIO_s_file());
    BIO_read_filename(KeyFile, PAnsiChar(ExtractFilePath(ParamStr(0)) + CERTFILE + '.key'));
    x1 := nil;
    TheKey  := PEM_read_bio_PrivateKey(KeyFile, x1, @CallBackFn, self);
    //
    KeyFile := BIO_new(BIO_s_file());
    BIO_read_filename(KeyFile, PAnsiChar(ExtractFilePath(ParamStr(0)) + CERTFILE + '.key'));
    x2 := nil;
    TheCert :=  PEM_read_bio_X509(KeyFile, x2, @CallBackFn, self);
    //
    TempASN := X509_get_serialNumber(TheCert);
    TempPAC := TempASN.data;
    TheValue := '';
    for iLoop := 1 to Length(TempPAC) do
        TheValue := TheValue + IntToHex(Ord(TempPAC[iLoop]), 2);
end;

Open in new window

0
Comment
Question by:lordirish
3 Comments
 
LVL 8

Accepted Solution

by:
GeneralTackett earned 500 total points
ID: 33468531
There is a good section about this at the atozed/ intraweb site.  I also believe you can find it at the indy site just look for ssh and such it is in there it leads to a few tools where you can self publish.  it is rather lengthy to post here.  If you cant find it I will look and post a link.
0
 

Author Closing Comment

by:lordirish
ID: 33508122
Thanks, GeneralTackett.  Apologies for slow response, fell quite ill a couple of days after posting.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SSL certificate pack 6 221
tidtcpserver connection lost handle 2 88
How to load 2 images in same column in Delphi 2 47
enhance the following code 3 32
This article explains how to create forms/units independent of other forms/units object names in a delphi project. Have you ever created a form for user input in a Delphi project and then had the need to have that same form in a other Delphi proj…
#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question