Hi all, To sign a certificate signing request (CSR) in OpenSSL I use X509_sign() function by feeding it with a request (as X509_REQ*), signing key and a digest.
Now I have my signing key stored in HSM, so I can't extract it to sign CSR. Unfortunately PKCS#11 does not provide an analogue to X509_sign(). All it has is C_Sign() / C_SignUpdate() / C_SignFinal() family of functions which operate on raw data. Can someone help me with sample C/C++ code how to use SoftHSMv2 to sign CSR created with OpenSSL? -- Andrei
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
