[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

How do I obtain "PKI serial identifier" from certificate using Delphi, Indy, OpenSSL?

Posted on 2010-08-15
3
Medium Priority
?
1,161 Views
Last Modified: 2013-11-23
Hi all,

Thanks for looking. Please excuse newbie mistakes and inelegance.

I have a specification for an internet service that verifies documents that I need to fulfill.  I have been given what I understand to be an X509 certificate (comprised of two sections marked CERTIFICATE and PRIVATE KEY) for development purposes.

Using Delphi 2005, Indy 10.2.3, the OpenSSL dlls (10.0.0a), and an import of libeay32 by Eric Young, I have (I believe) loaded the private key and certificate elements correctly.  Later, I use the private key to create an MD5 hash that I convert to base-64 as a signature.

In order to interpret this signature, the specification has a record that it described as the Certificate Identifier.  It contains information such as the distinguished names, hash algorithm etc.  

I also need one of two kinds of identifier - and this is the crux of my question - how do I obtain either or (ideally) both of these values (which I am told can be extracted from the certificate)?

Option1 : 17 character numeric field, described as a Verisign certificate identifier.

Option2: A hex string (the spec allows for up to 200 characters).

My understanding is that Option2 is a replacement/newer version of Option 1 from the certification agencies, so if it is an either/or thing, Option 2 is preferred.

Below is my code loading the key and certificate and obtaining a value.  Any of these steps may be suspect.  The value I get at the end is 224 characters long, which is too long - the server rejects it on that basis.

Code examples much appreciated.  Thanks in advance,

lordirish

Code extract:



const
    CERTFILE = 'Test';

var
    KeyFile : pBIO;
    TheKey : pEVP_PKEY;
    TheCert : pX509;
    TheValue   : string;

procedure LoadTheCertAndKeyAndGetValue;

    function CallBackFn(buffer: PChar; blength: integer; verify: integer; data: pointer): integer; cdecl;
    var
        Passphrase: String;
    begin
        Result := 0;
        StrPCopy(buffer, CERTFILE);
        Result := Length(CERTFILE);
    end;

var
    TempASN  : pASN1_Integer;
    TempPAC  : PAnsiChar;
    //
    iLoop    : integer;
    x1         : pEVP_PKEY;
    x2         : pX509;
begin
    KeyFile := BIO_new(BIO_s_file());
    BIO_read_filename(KeyFile, PAnsiChar(ExtractFilePath(ParamStr(0)) + CERTFILE + '.key'));
    x1 := nil;
    TheKey  := PEM_read_bio_PrivateKey(KeyFile, x1, @CallBackFn, self);
    //
    KeyFile := BIO_new(BIO_s_file());
    BIO_read_filename(KeyFile, PAnsiChar(ExtractFilePath(ParamStr(0)) + CERTFILE + '.key'));
    x2 := nil;
    TheCert :=  PEM_read_bio_X509(KeyFile, x2, @CallBackFn, self);
    //
    TempASN := X509_get_serialNumber(TheCert);
    TempPAC := TempASN.data;
    TheValue := '';
    for iLoop := 1 to Length(TempPAC) do
        TheValue := TheValue + IntToHex(Ord(TempPAC[iLoop]), 2);
end;

Open in new window

0
Comment
Question by:lordirish
2 Comments
 
LVL 8

Accepted Solution

by:
GeneralTackett earned 2000 total points
ID: 33468531
There is a good section about this at the atozed/ intraweb site.  I also believe you can find it at the indy site just look for ssh and such it is in there it leads to a few tools where you can self publish.  it is rather lengthy to post here.  If you cant find it I will look and post a link.
0
 

Author Closing Comment

by:lordirish
ID: 33508122
Thanks, GeneralTackett.  Apologies for slow response, fell quite ill a couple of days after posting.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you need a certificate so you can offer SSL encryption.  But which one should you get?  There are so many choices out there! Here is a generic overview of the main types of SSL certificates sold by the majority of commercial Certification Auth…
Good news! Plesk 12.5 (with update #28 and above) now includes support for HTTP/2. This is a major update to HTTP1.1, which is over 15 years old. Read below to learn how to enable HTTP/2 on your Media Temple DV with Plesk.
How can you see what you are working on when you want to see it while you to save a copy? Add a "Save As" icon to the Quick Access Toolbar, or QAT. That way, when you save a copy of a query, form, report, or other object you are modifying, you…
Hi, this video explains a free download that you can incorporate into your Access databases, or use stand-alone for contact management. Contacts -- Names, Addresses, Phone Numbers, eMail Addresses, Websites, Lists, Projects, Notes, Attachments…

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question