GENERATE CERTIFICATE REQUEST

version 6.7

GENERATE CERTIFICATE REQUEST (privKey; certifRequest; codeArray; nameArray)

The GENERATE CERTIFICATE REQUEST command generates a certificate request at the PKCS format which can be directly used by certificate authorities such as Verisign(R) . The certificate plays an important part in the SSL secured protocol. It is sent to each browser connecting in SSL mode. It contains the "ID card" of the Web site (made from the information entered in the command), as well as its public key allowing the browsers to decrypt the received information. Furthermore, the certificate contains various information added by the certificate authority which guarantees its integrity.

Note: For more information on the SSL protocol use with 4D Web server, refer to the section Using SSL Protocol.

The certificate request uses keypairs generated with the command GENERATE ENCRYPTION KEYPAIR and contains various information. The certificate authority will generate its certificate combining this request with other parameters.

Pass in privKey a BLOB containing the private key generated with the command GENERATE ENCRYPTION KEYPAIR.

Pass in certifRequest an empty BLOB. Once the command has been executed, it contains the certificate request at the PKCS format. You can store this request in a text file, for example using the BLOB TO DOCUMENT command, to submit it to the certificate authority.

Warning: The private key is used to generate the request but should NOT be sent to the certificate authority.

The arrays codeArray (long integer) and nameArray (string) should be filled respectively with the code numbers and the information content required by the certificate authority.

The required codes and names may change according to the certificate authority and the certificate use. However, within a normal use of the certificate (Web server connections via SSL), the arrays should contain the following items:

The code and information content entering order does not matter, however the two arrays must be synchronized: if the third item of the codeArray contains the value 15 (locality name), the nameArray third item should contain this information, in our example San Jose.

A "Certificate request" form contains the six fields necessary for a standard certificate request. The Generate button creates a document on disk containing the certificate request. The "Privatekey.txt" document containing the private key (generated with the GENERATE ENCRYPTION KEYPAIR command) should be on the disk:

Here is the Generate button method:

   ` bGenerate Object Method

   C_BLOB($vbprivateKey;$vbcertifRequest)
   C_LONGINT($tableNum)
   ARRAY LONGINT($tLCodes;6)
   ARRAY STRING(80;$tSInfos;6)

   $tableNum:=Table(Current form table)
   For ($i;1;6)
      $tSInfos{$i}:= Field($tableNum;$i)->
      $tLCodes{$i}:=$i+12
   End for
   If (Find in array($tSInfos;"") # -1)
      ALERT ("All fields should be filled.")
   Else
      ALERT ("Select your private key.")
      $vhDocRef:=Open document("") 
      If(OK=1)
         CLOSE DOCUMENT($vhDocRef)
         DOCUMENT TO BLOB(Document;$vbprivateKey)
         GENERATE CERTIFICATE REQUEST($vbPrivateKey;$vbcertifRequest;$tLCodes;$tSInfos)
         BLOB TO DOCUMENT ("Request.txt";$vbcertifRequest)
      Else
         ALERT ("Invalid private key.")
      End if
   End if

GENERATE ENCRYPTION KEYPAIR, Using SSL Protocol.