How do I obtain "PKI serial identifier" from certificate using Delphi, Indy, OpenSSL?

Hi all,

Thanks for looking. Please excuse newbie mistakes and inelegance.

I have a specification for an internet service that verifies documents that I need to fulfill.  I have been given what I understand to be an X509 certificate (comprised of two sections marked CERTIFICATE and PRIVATE KEY) for development purposes.

Using Delphi 2005, Indy 10.2.3, the OpenSSL dlls (10.0.0a), and an import of libeay32 by Eric Young, I have (I believe) loaded the private key and certificate elements correctly.  Later, I use the private key to create an MD5 hash that I convert to base-64 as a signature.

In order to interpret this signature, the specification has a record that it describes as the Certificate Identifier.  It contains information such as the distinguished names, hash algorithm, etc.

I also need one of two kinds of identifier - and this is the crux of my question - how do I obtain either or (ideally) both of these values (which I am told can be extracted from the certificate)?

Option 1: 17 character numeric field, described as a Verisign certificate identifier.

Option 2: A hex string (the spec allows for up to 200 characters).

My understanding is that Option2 is a replacement/newer version of Option 1 from the certification agencies, so if it is an either/or thing, Option 2 is preferred.

Below is my code loading the key and certificate and obtaining a value.  Any of these steps may be suspect.  The value I get at the end is 224 characters long, which is too long - the server rejects it on that basis.

Code examples much appreciated.  Thanks in advance,

lordirish

Code extract:



const
    CERTFILE = 'Test';

var
    KeyFile : pBIO;
    TheKey : pEVP_PKEY;
    TheCert : pX509;
    TheValue   : string;

procedure LoadTheCertAndKeyAndGetValue;

    function CallBackFn(buffer: PChar; blength: integer; verify: integer; data: pointer): integer; cdecl;
    var
        Passphrase: String;
    begin
        Result := 0;
        StrPCopy(buffer, CERTFILE);
        Result := Length(CERTFILE);
    end;

var
    TempASN  : pASN1_Integer;
    TempPAC  : PAnsiChar;
    //
    iLoop    : integer;
    x1         : pEVP_PKEY;
    x2         : pX509;
begin
    KeyFile := BIO_new(BIO_s_file());
    BIO_read_filename(KeyFile, PAnsiChar(ExtractFilePath(ParamStr(0)) + CERTFILE + '.key'));
    x1 := nil;
    TheKey  := PEM_read_bio_PrivateKey(KeyFile, x1, @CallBackFn, self);
    //
    KeyFile := BIO_new(BIO_s_file());
    BIO_read_filename(KeyFile, PAnsiChar(ExtractFilePath(ParamStr(0)) + CERTFILE + '.key'));
    x2 := nil;
    TheCert :=  PEM_read_bio_X509(KeyFile, x2, @CallBackFn, self);
    //
    TempASN := X509_get_serialNumber(TheCert);
    TempPAC := TempASN.data;
    TheValue := '';
    for iLoop := 1 to Length(TempPAC) do
        TheValue := TheValue + IntToHex(Ord(TempPAC[iLoop]), 2);
end;


lordirish Asked:
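Added example, not part of the original thread and not OpenSSL or Indy code: the serial number returned by X509_get_serialNumber is binary data with an explicit length field, so the hex string has to be built from exactly that many bytes. Length() on a PAnsiChar instead counts bytes up to the first 0x00, which can run past the serial or cut it short, and that is consistent with the over-long value described in the question. The type serial_view is a hypothetical stand-in for the length and data fields of OpenSSL's ASN1_INTEGER, and the byte arrays are constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for the two fields of OpenSSL's ASN1_INTEGER (an ASN1_STRING)
   that matter here; hypothetical type, not the OpenSSL header. */
typedef struct { int length; const unsigned char *data; } serial_view;

/* Hex-encode exactly sv->length bytes. Returns the number of characters
   written, or -1 if out cannot hold them plus the terminating NUL. */
int serial_to_hex(const serial_view *sv, char *out, size_t outsz)
{
    static const char digits[] = "0123456789ABCDEF";
    if (sv == NULL || sv->length < 0 || outsz < (size_t)sv->length * 2 + 1)
        return -1;
    for (int i = 0; i < sv->length; i++) {
        out[2 * i]     = digits[sv->data[i] >> 4];
        out[2 * i + 1] = digits[sv->data[i] & 0x0F];
    }
    out[sv->length * 2] = '\0';
    return sv->length * 2;
}

/* What a string-length call does with the same pointer: count bytes up
   to the first 0x00, ignoring the length field. Shown for contrast. */
int nul_scan_length(const serial_view *sv)
{
    return (int)strlen((const char *)sv->data);
}

/* Constructed sample memory: a 4-byte serial followed by unrelated
   bytes, as on a heap; only the trailing 0x00 stops a NUL scan. */
static const unsigned char sample_mem[] = {
    0x7F, 0x10, 0xA2, 0x3C,             /* serial (length = 4) */
    0xDE, 0xAD, 0xBE, 0xEF, 0x55, 0x00  /* neighbouring data   */
};
/* Constructed serial with an embedded 0x00: a NUL scan truncates it. */
static const unsigned char sample_zero[] = { 0x01, 0x00, 0x9B, 0x00 };

int main(void)
{
    serial_view a = { 4, sample_mem }, b = { 3, sample_zero };
    char hex[64];
    serial_to_hex(&a, hex, sizeof hex);
    printf("%s (NUL scan would read %d bytes)\n", hex, nul_scan_length(&a));
    serial_to_hex(&b, hex, sizeof hex);
    printf("%s (NUL scan would read %d bytes)\n", hex, nul_scan_length(&b));
    return 0;
}
```

In the Delphi code above, the equivalent change is to loop over the length field of the ASN1_INTEGER record with 0-based indexing into data. OpenSSL can also do the conversion itself with ASN1_INTEGER_to_BN followed by BN_bn2hex or BN_bn2dec.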

GeneralTackett Commented:
There is a good section about this at the atozed/intraweb site.  I also believe you can find it at the Indy site; just look for ssh and such. It is in there, and it leads to a few tools where you can self publish.  It is rather lengthy to post here.  If you can't find it I will look and post a link.
0

lordirish (Author) Commented:
Thanks, GeneralTackett.  Apologies for slow response, fell quite ill a couple of days after posting.
0