Creates a PKCS #10 certification renewal request.
This function is deprecated. Use gsk_create_database_renewal_request() instead.
Format
#include <gskcms.h>
gsk_status gsk_create_renewal_request (
    gsk_handle              db_handle,
    const char *            label,
    x509_public_key_info *  public_key,
    pkcs_private_key_info * private_key,
    const char *            subject_name,
    x509_extensions *       extensions)
Parameters
- db_handle: Specifies the database handle returned by the gsk_create_database() routine or the gsk_open_database() routine. This must be a request database and not a key database.
- label: Specifies the label for the request database record. The label is specified in the local code page.
- public_key: Specifies the public key for the certification request.
- private_key: Specifies the private key for the certification request.
- subject_name: Specifies the distinguished name for the certificate subject. The distinguished name is specified in the local code page and consists of one or more relative distinguished name components separated by commas.
- extensions: Specifies certificate extensions to be included in the certification request. Specify NULL for this parameter if no certificate extensions are provided.
Results
The function return value will be 0 if no error is detected. Otherwise, it will be one of the return codes listed in the gskcms.h include file. These are some possible errors:
- [CMSERR_BACKUP_EXISTS]: The backup file already exists.
- [CMSERR_BAD_EC_PARAMS]: Elliptic Curve parameters are not valid.
- [CMSERR_BAD_HANDLE]: The database handle is not valid.
- [CMSERR_BAD_KEY_SIZE]: The key size is not valid.
- [CMSERR_BAD_LABEL]: The record label is not valid.
- [CMSERR_ECURVE_NOT_FIPS_APPROVED]: Elliptic Curve not supported in FIPS mode.
- [CMSERR_ECURVE_NOT_SUPPORTED]: Elliptic Curve is not supported.
- [CMSERR_ICSF_FIPS_DISABLED]: ICSF PKCS #11 services are disabled.
- [CMSERR_ICSF_NOT_AVAILABLE]: ICSF services are not available.
- [CMSERR_ICSF_NOT_FIPS]: ICSF PKCS #11 not operating in FIPS mode.
- [CMSERR_ICSF_SERVICE_FAILURE]: ICSF callable service returned an error.
- [CMSERR_INCORRECT_DBTYPE]: The database type does not support certification requests.
- [CMSERR_IO_ERROR]: Unable to write record.
- [CMSERR_LABEL_NOT_UNIQUE]: The record label is not unique.
- [CMSERR_NO_MEMORY]: Insufficient storage is available.
- [CMSERR_PRIVATE_KEY_INFO_NOT_SUPPLIED]: Private key information not supplied.
- [CMSERR_RECORD_TOO_BIG]: The record is larger than the database record length.
- [CMSERR_UPDATE_NOT_ALLOWED]: Database is not open for update or update attempted on a FIPS mode database while in non-FIPS mode.
Usage
The gsk_create_renewal_request() routine creates a certification request as described in PKCS #10, Version 1.7: Certification Request. The request is then stored in the request database. The gsk_export_certification_request() routine can be called to create an export file containing the request for transmission to the certification authority.
The gsk_create_renewal_request() routine is similar to the gsk_create_certification_request() routine. Both routines create a PKCS #10 certification request. The difference is that the gsk_create_certification_request() routine generates a new public/private key pair, while the gsk_create_renewal_request() routine uses the public/private key pair provided by the application.
The record label is used as a friendly name for the database entry. It can be any value and consists of characters that can be represented using 7-bit ASCII (letters, numbers, and punctuation). It may not be an empty string.
The extensions parameter can be used to provide certificate extensions for inclusion in the certification request. Whether or not a particular certificate extension will be included in the new certificate is determined by the certification authority.