z/OS Cryptographic Services System SSL Programming


gsk_create_renewal_request()

SC14-7495-00

Creates a PKCS #10 certification renewal request.

This function is deprecated. Use gsk_create_database_renewal_request() instead.

Format

   #include <gskcms.h>

   gsk_status gsk_create_renewal_request ( 
                                    gsk_handle                 db_handle,  
                                    const char *               label, 
                                    x509_public_key_info *     public_key, 
                                    pkcs_private_key_info *    private_key,  
                                    const char *               subject_name, 
                                    x509_extensions *          extensions)

Parameters

db_handle
Specifies the database handle returned by the gsk_create_database() routine or the gsk_open_database() routine. This must be a request database and not a key database.
label
Specifies the label for the request database record. The label is specified in the local code page.
public_key
Specifies the public key for the certification request.
private_key
Specifies the private key for the certification request.
subject_name
Specifies the distinguished name for the certificate subject. The distinguished name is specified in the local code page and consists of one or more relative distinguished name components separated by commas.
extensions
Specifies certificate extensions to be included in the certification request. Specify NULL for this parameter if no certificate extensions are provided.

Results

The function return value will be 0 if no error is detected. Otherwise, it will be one of the return codes listed in the gskcms.h include file. These are some possible errors:
[CMSERR_BACKUP_EXISTS]
The backup file already exists.
[CMSERR_BAD_EC_PARAMS]
Elliptic Curve parameters are not valid.
[CMSERR_BAD_HANDLE]
The database handle is not valid.
[CMSERR_BAD_KEY_SIZE]
The key size is not valid.
[CMSERR_BAD_LABEL]
The record label is not valid.
[CMSERR_ECURVE_NOT_FIPS_APPROVED]
Elliptic Curve not supported in FIPS mode.
[CMSERR_ECURVE_NOT_SUPPORTED]
Elliptic Curve is not supported.
[CMSERR_ICSF_FIPS_DISABLED]
ICSF PKCS #11 services are disabled.
[CMSERR_ICSF_NOT_AVAILABLE]
ICSF services are not available.
[CMSERR_ICSF_NOT_FIPS]
ICSF PKCS #11 not operating in FIPS mode.
[CMSERR_ICSF_SERVICE_FAILURE]
ICSF callable service returned an error.
[CMSERR_INCORRECT_DBTYPE]
The database type does not support certification requests.
[CMSERR_IO_ERROR]
Unable to write record.
[CMSERR_LABEL_NOT_UNIQUE]
The record label is not unique.
[CMSERR_NO_MEMORY]
Insufficient storage is available.
[CMSERR_PRIVATE_KEY_INFO_NOT_SUPPLIED]
Private key information not supplied.
[CMSERR_RECORD_TOO_BIG]
The record is larger than the database record length.
[CMSERR_UPDATE_NOT_ALLOWED]
Database is not open for update or update attempted on a FIPS mode database while in non-FIPS mode.

Usage

The gsk_create_renewal_request() routine creates a certification request as described in PKCS #10, Version 1.7: Certification Request. The request is then stored in the request database. The gsk_export_certification_request() routine can be called to create an export file containing the request for transmission to the certification authority.

The gsk_create_renewal_request() routine is similar to the gsk_create_certification_request() routine. Both routines create a PKCS #10 certification request. The difference is that the gsk_create_certification_request() routine generates a new public/private key pair, while the gsk_create_renewal_request() routine uses the public/private key pair provided by the application.

The record label is used as a friendly name for the database entry. It can be any value and consists of characters which can be represented using 7-bit ASCII (letters, numbers, and punctuation). It may not be an empty string.

The extensions parameter can be used to provide certificate extensions for inclusion in the certification request. Whether or not a particular certificate extension will be included in the new certificate is determined by the certification authority.

Copyright IBM Corporation 1990, 2014