I wrote this script years ago when I switched to GoDaddy 10 site certificates. I don't use it from C#. You could easily put it into C# or PHP. < > would be variables at the top. I have it filled in so I just modify the alt_names. I just cut and paste all of it into Ubuntu and run it in the directory /etc/apache2/ssl. If you don't need all 10, you can delete the extra ones in alt_names.

openssl req -new -sha256 -nodes -out \<crs_name.csr> -newkey rsa:2048 -keyout \<your key name.key> -config <(
cat <<-EOF
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
C= < country >
ST= < Your States >
L= < City or location >
O= < Organization >
OU= <Organizational Unit >
emailAddress= <your email>
CN = <The common name of the cert>

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = < domain #1 >
DNS.2 = < domain #2 >
DNS.3 = < domain #3 >
DNS.4 = < domain #4 >
DNS.5 = < domain #5 >
DNS.6 = < domain #6 >
DNS.7 = < domain #7 >
DNS.8 = < domain #8 >
DNS.9 = < domain #9 >
EOF
)

-----Original Message-----
From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> On Behalf Of Piotr Lobacz
Sent: Monday, May 24, 2021 5:54 AM
To: openssl-users@xxxxxxxxxxx
Subject: CSR generation using pkcs11 token engine from C# code

Hi all,

I am currently trying to generate a CSR with the usage of the tpm2-pkcs11 module together with the pkcs11 engine from opensc, and the whole thing running with the openssl API from C# code. I have checked that my solution works from the command line.
I have added these lines:

openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = /usr/lib/engines-1.1/libpkcs11.so
MODULE_PATH = /usr/lib/libtpm2_pkcs11.so
init = 0

to the /etc/ssl/openssl.cnf configuration file, and then this command:

openssl req -new -subj '/C=PL/ST=Gdansk/L=Gdansk/CN=softgent.com/' -sha256 -engine pkcs11 -keyform engine -key "pkcs11:token=foo;object=tls;type=private;pin-value=1234567890"

produces a CSR for me.

Now I want to do all this from C# code. I have found a C# library https://github.com/andyhopp/OpenSsl.DynamicEngine which will load the engine, but I think that this won't be sufficient in the matter of the pkcs11 engine, because I also need to load the pkcs11 module. The question is what should I add to this library for proper work in terms of the pkcs11 API? What I mean is to use all this data from the cnf file to configure openssl.

Another question is how to execute the command above for the CSR from C#? I suspect that because on Linux the C# SDK uses the openssl API for all cryptographic operations, then it should be somehow similar to the C solution. I would be grateful if someone could point me at least to a C solution of this issue.

Best regards
Piotr Lobacz
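
An added example, not part of the thread: the reply's SAN script generalised so that [alt_names] is built from arguments instead of hand-edited placeholders, followed by checks that the resulting CSR verifies and carries the expected number of DNS entries. The function names, the site.key/site.csr file names and the example.test hostnames are assumptions; a temporary config file replaces the process substitution so it runs under plain sh.

```shell
#!/bin/sh
# Added example, not from the thread. make_san_csr, csr_san_count,
# csr_verifies, site.key/site.csr and the example.test names are hypothetical.

# usage: make_san_csr <outdir> <common name> <san> [<san> ...]
make_san_csr() {
    [ "$#" -ge 3 ] || return 2      # an empty [alt_names] section is an error
    outdir=$1; cn=$2; shift 2
    cfg=$(mktemp) || return 1
    {
        printf '[req]\nprompt = no\ndefault_md = sha256\n'
        printf 'req_extensions = req_ext\ndistinguished_name = dn\n'
        printf '[dn]\nCN = %s\n' "$cn"
        printf '[req_ext]\nsubjectAltName = @alt_names\n[alt_names]\n'
        i=1
        for name in "$@"; do        # one DNS.n line per requested name
            printf 'DNS.%d = %s\n' "$i" "$name"
            i=$((i + 1))
        done
    } > "$cfg"
    rc=0
    # -nodes leaves the private key unencrypted, so create it owner-only.
    ( umask 077 && openssl req -new -sha256 -nodes -newkey rsa:2048 \
          -keyout "$outdir/site.key" -out "$outdir/site.csr" \
          -config "$cfg" ) >/dev/null 2>&1 || rc=$?
    rm -f "$cfg"
    return "$rc"
}

# Print how many DNS entries the CSR's subjectAltName actually carries.
csr_san_count() {
    openssl req -in "$1" -noout -text | grep -o 'DNS:' | wc -l | tr -d ' '
}

# Succeed only if the CSR's self-signature verifies (proof of key possession).
# The message is matched rather than relying on the exit status alone.
csr_verifies() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}
```

Example call: `make_san_csr /etc/apache2/ssl www.example.test www.example.test example.test`, then run `csr_san_count` and `csr_verifies` on the resulting site.csr before submitting it to the CA.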