Version: Next

GENERATE CERTIFICATE REQUEST

GENERATE CERTIFICATE REQUEST ( privKey ; certifRequest ; codeArray ; nameArray )

Parameter      Type           Description
privKey        Blob           BLOB containing the private key
certifRequest  Blob           BLOB receiving the certificate request
codeArray      Array integer  Information code list
nameArray      Text array     Name list

Description

The GENERATE CERTIFICATE REQUEST command generates a certificate request in PKCS format that can be used directly by certificate authorities such as Verisign(R). The certificate plays an important part in the SSL secured protocol: it is sent to each browser connecting in SSL mode. It contains the “ID card” of the Web site (made from the information entered in the command), as well as its public key allowing the browsers to decrypt the received information. Furthermore, the certificate contains various information added by the certificate authority, which guarantees its integrity.

Note: For more information on using the SSL protocol with the 4D Web server, refer to the WEB SERVICE SET PARAMETER section.

The certificate request uses keypairs generated with the GENERATE ENCRYPTION KEYPAIR command and contains various information. The certificate authority generates its certificate by combining this request with other parameters.

Pass in privKey a BLOB containing the private key generated with the GENERATE ENCRYPTION KEYPAIR command.

Pass in certifRequest an empty BLOB. Once the command has been executed, it contains the certificate request in PKCS format, encoded in base64. You can store the contents directly in a text file with the .pem suffix, for example using the BLOB TO DOCUMENT command, to submit it to the certificate authority.

Warning: The private key is used to generate the request but should NOT be sent to the certificate authority.

The arrays codeArray (long integer) and nameArray (string) should be filled respectively with the code numbers and the information content required by the certificate authority.

The required codes and names may change according to the certificate authority and the certificate use. However, for normal use of the certificate (Web server connections via SSL), the arrays should contain the following items:

Information to provide     codeArray  nameArray (Examples)
CommonName                 13         www.4D.com
CountryName (two letters)  14         US
LocalityName               15         San Jose
StateOrProvinceName        16         California
OrganizationName           17         4D, Inc.
OrganizationUnit           18         Web Administrator

The order in which the codes and information are entered does not matter; however, the two arrays must be synchronized: if the third item of codeArray contains the value 15 (locality name), the third item of nameArray should contain this information, in our example San Jose.

Example

A “Certificate request” form contains the six fields necessary for a standard certificate request. The Generate button creates a document on disk containing the certificate request. The “Privatekey.txt” document containing the private key (generated with the GENERATE ENCRYPTION KEYPAIR command) should be on the disk.

Here is the Generate button method:

 // bGenerate Object Method
 
 var $vbPrivateKey;$vbCertifRequest : Blob
 var $tableNum;$i : Integer
 var $vhDocRef : Time
 ARRAY LONGINT($tLCodes;6)
 ARRAY STRING(80;$tSInfos;6)
 
 $tableNum:=Table(Current form table)
 For($i;1;6)
    $tSInfos{$i}:=Field($tableNum;$i)->  // Field values, in the same order as the codes
    $tLCodes{$i}:=$i+12  // Codes 13 to 18
 End for
 If(Find in array($tSInfos;"")#-1)
    ALERT("All fields should be filled.")
 Else
    ALERT("Select your private key.")
    $vhDocRef:=Open document("")
    If(OK=1)
       CLOSE DOCUMENT($vhDocRef)
        // Document holds the path of the file selected above
       DOCUMENT TO BLOB(Document;$vbPrivateKey)
       GENERATE CERTIFICATE REQUEST($vbPrivateKey;$vbCertifRequest;$tLCodes;$tSInfos)
        // Only the request is written out; the private key stays on the local disk
       BLOB TO DOCUMENT("Request.txt";$vbCertifRequest)
    Else
       ALERT("Invalid private key.")
    End if
 End if
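
Before the request file is sent to the certificate authority, it can be checked outside 4D. The following is an added example, not part of the 4D documentation or the 4D language: it refuses a file that contains private key material (the Warning above) and reads back the subject fields so they can be compared with what was entered in nameArray. It assumes PEM-armored files with CERTIFICATE REQUEST and PRIVATE KEY labels; the function names are hypothetical, and it does not verify the request's signature.

```python
import base64, re

# DER bytes of X.520 OIDs 2.5.4.{3,6,7,8,10,11}: the six fields in the table above.
FIELDS = {bytes([0x55, 0x04, arc]): name for arc, name in [
    (3, "CommonName"), (6, "CountryName"), (7, "LocalityName"),
    (8, "StateOrProvinceName"), (10, "OrganizationName"), (11, "OrganizationUnit")]}
# Assumption: the files are PEM-armored (BEGIN/END lines around the base64 text).
PEM = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                        # long form: low 7 bits count the length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def inspect_request(text):
    """Return the subject fields of the one request in text; raise ValueError otherwise."""
    if re.search(r"-----BEGIN [A-Z ]*PRIVATE KEY-----", text):
        raise ValueError("private key material found: do not submit this file")
    reqs = [body for label, body in PEM.findall(text) if label.endswith("CERTIFICATE REQUEST")]
    if len(reqs) != 1:
        raise ValueError("expected exactly one certificate request block")
    tag, request, _ = tlv(base64.b64decode(reqs[0]), 0)   # CertificationRequest
    if tag != 0x30:
        raise ValueError("not a DER-encoded request")
    _, info, _ = tlv(request, 0)                          # CertificationRequestInfo
    _, _, pos = tlv(info, 0)                              # version
    _, name, _ = tlv(info, pos)                           # subject Name
    subject, pos = {}, 0
    while pos < len(name):
        _, rdn, pos = tlv(name, pos)                      # one RDN (SET)
        _, pair, _ = tlv(rdn, 0)                          # AttributeTypeAndValue
        _, oid, nxt = tlv(pair, 0)
        _, value, _ = tlv(pair, nxt)
        subject[FIELDS.get(oid, oid.hex())] = value.decode("utf-8", "replace")
    return subject

def problems(subject):
    """List what is missing relative to the six fields the page lists."""
    issues = [f"missing {field}" for field in FIELDS.values() if not subject.get(field)]
    if len(subject.get("CountryName", "XX")) != 2:
        issues.append("CountryName must be two letters")
    return issues
```

Call inspect_request on the text of the file about to be submitted (Request.txt in the example above) and treat a ValueError or a non-empty problems list as a reason not to send it.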

See also

GENERATE ENCRYPTION KEYPAIR
HTTP SET CERTIFICATES FOLDER