NPKIGenerateCertificateFromCSR
Accepts a PKCS #10 CSR from an external source
and sends the request to caServerDN, which then
creates and returns an X.509 certificate (formerly NWPKIGenerateCertificateFromCSR).
Syntax
#include "npki.h"

nuint32 NPKIGenerateCertificateFromCSR(
   const NPKIContext            context,
   const unicode               *caServerDN,
   const pnuint8                extCSR,
   const nuint32                extCSRSize,
   const unicode               *subjectDN,
   const nuint32                signatureAlgorithm,
   const nuint32                dateFlags,
   const nuint32                validFrom,
   const nuint32                validTo,
   const NPKI_Extension        *keyUsage,
   const NPKI_Extension        *basicConstraints,
   const NPKI_ExtAltNames      *altNames,
   const NPKI_Extension        *NovellAttr,
   const NPKI_ASN1_Extensions  *extensions,
   void                        *reserved1,
   void                        *reserved2);
Parameters
- context
- (IN) Specifies the NPKI context for the request.
- caServerDN
- (IN) Specifies the FDN of the server that hosts
the CA. This must be a valid eDirectory server in the current tree.
- extCSR
- (IN) Specifies the PKCS #10 CSR that is
to be sent to the CA to create the X.509 certificate.
- extCSRSize
- (IN) Specifies the size of the PKCS #10
CSR.
- subjectDN
- (IN) Not supported in this release. Points to a
subject name to use in the certificate, rather than using the subject
name in the CSR. At this time, this parameter is ignored regardless
of the value given.
- signatureAlgorithm
- (IN) Not supported in this release. Specifies the
signature algorithm to use to sign the certificate, rather than
using the signature algorithm in the CSR. Call NPKIGetServerInfo to determine which
signature algorithms are supported. At this time, this parameter
is ignored regardless of the value given.
- dateFlags
- (IN) Specifies whether dates have a two-digit or
four-digit year. For this release, set to DEFAULT_YEAR_ENCODING.
- validFrom
- (IN) Specifies the beginning of the period of validity,
represented as the number of seconds since 00:00:00 UTC Jan 1, 1970,
or 0xFFFFFFFF to represent the current time on the server.
- validTo
- (IN) Specifies the end of the period of validity,
represented as the number of seconds since 00:00:00 UTC Jan 1, 1970,
or 0xFFFFFFFF to represent the greatest validity period available on
the server. Call NPKIGetServerInfo to
determine the greatest validity period available on the server.
- keyUsage
- (IN) Specifies the X.509 key usage extension. For
more information, see Section 4.16, X.509 Extensions and Section 4.4, Key Usage Extension. The key usage extension is
not included in the certificate if this parameter is NULL.
- basicConstraints
- (IN) Specifies the X.509 basic constraints extension.
For more information, see Section 4.16, X.509 Extensions and Section 4.1, Basic Constraints
Extension. The basic constraints extension
is not included in the certificate if this parameter is NULL.
- altNames
- (IN) Specifies the X.509 subject alternative name
extension. For more information, see Section 4.16, X.509 Extensions and Section 5.3, Subject Alternative
Names Extension. The subject alternative names
extension is not included in the certificate if this parameter is
NULL.
- NovellAttr
- (IN) Specifies the Novell Security Attributes extension.
For more information, see Section 4.16, X.509 Extensions and Section 4.5, Novell Security Attributes
Extension. If this parameter is NULL,
the default Novell Security Attributes extension for a key pair
is created outside of the system.
- extensions
- (IN) Specifies any generic ASN.1 encoded extensions
you want to add to the certificate. For more information, see Section 4.16, X.509 Extensions and General Purpose Extension Structure.
- reserved1
- Reserved for future use.
- reserved2
- Reserved for future use.
Return Values
Returns 0 if successful, or an eDirectory, NICI, or PKI error
code if not successful.
PKI NCP Calls
0x2222 93 04 Sign Certificate
Remarks
After a successful call, the resulting certificate and its
size can be obtained by calling NPKICertInfo. The newly created certificate is not
stored in eDirectory.