Hello,
Here is my problem.
I have a Verisign-signed certificate (certificate A) and want to create
certificates which will be signed by it.
I create a pair, certificate (certificate B) and private key, and send the
certificate (B) to a server.
But when it signs the certificate with its private key (A) and returns it
to the client, Windows tells me that the certificate seems to be damaged.
Here are some lines of my code:
First, I create the pair:
int sn, rsaSize;
RSA * rsa;
X509_NAME * name;
sn=1; // serial number
rsaSize=1024; // key size
// create the certificate and key objects
m_pX509 = X509_new();
m_pKey = EVP_PKEY_new();
// generate the RSA key pair and assign it to the EVP_PKEY structure
rsa = RSA_generate_key(rsaSize, RSA_F4, NULL, NULL);
EVP_PKEY_assign_RSA(m_pKey, rsa);
// set the version, serial number and validity period
X509_set_version(m_pX509,3);
ASN1_INTEGER_set(X509_get_serialNumber(m_pX509), sn);
X509_gmtime_adj(X509_get_notBefore(m_pX509), 0);
X509_gmtime_adj(X509_get_notAfter(m_pX509), (long)60*60*24*nbDays);
// assign the public key to the certificate
X509_set_pubkey(m_pX509, m_pKey);
// fill in the information about the certificate's creator
name = X509_get_subject_name(m_pX509);
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (unsigned char*)"FR", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (unsigned char*)"La Deuxieme Tete (L2T)", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "Email", MBSTRING_ASC, (unsigned char*)"[EMAIL PROTECTED]", -1, -1, 0);
X509_set_issuer_name(m_pX509, name);
Then I send the certificate to the server and do this:
X509_sign(m_pX509, pKey, EVP_md5());
pKey is the private key read with
PEM_read_PrivateKey(fp_key, &m_pKey, NULL, NULL);
It's a nightmare, I don't know what to do.
Please help me.
Benoît Goarin
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
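
Added example (not part of the original post and not OpenSSL project code): a stand-alone C check for two structural problems that a certificate built as in the post would carry, a version field above 2 (X.509 v3 is encoded as 2, and X509_set_version stores the value it is given) and an issuer name that is not the signing certificate's subject. The names der_read, cert_fields and check_issued are hypothetical; the input is assumed to be DER bytes such as i2d_X509 returns, and names are compared byte for byte, which is stricter than RFC 5280 name matching.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper names; added illustration, not OpenSSL code. */
typedef struct { unsigned char tag; const unsigned char *val; size_t len, total; } tlv;

/* Decode one DER TLV from p[0..n); returns 0 on success, -1 if malformed. */
static int der_read(const unsigned char *p, size_t n, tlv *t) {
    size_t len, k = 0, i;
    if (n < 2) return -1;
    len = p[1];
    if (len & 0x80) {                 /* long form: low 7 bits count the length bytes */
        k = len & 0x7f;
        if (k == 0 || k > 4 || n < 2 + k) return -1;
        for (len = 0, i = 0; i < k; i++) len = (len << 8) | p[2 + i];
    }
    if (len > n - 2 - k) return -1;   /* content must fit in the buffer */
    t->tag = p[0]; t->val = p + 2 + k; t->len = len; t->total = 2 + k + len;
    return 0;
}

/* Read version, issuer and subject from a DER certificate; -1 if malformed. */
static int cert_fields(const unsigned char *der, size_t n, long *ver, tlv *iss, tlv *sub) {
    tlv cert, tbs, f, v;
    size_t off = 0, i;
    if (der_read(der, n, &cert) || cert.tag != 0x30) return -1;
    if (der_read(cert.val, cert.len, &tbs) || tbs.tag != 0x30) return -1;
    if (der_read(tbs.val, tbs.len, &f)) return -1;
    *ver = 0;                         /* no [0] field means v1, encoded as 0 */
    if (f.tag == 0xA0) {              /* [0] EXPLICIT INTEGER: v1=0, v2=1, v3=2 */
        if (der_read(f.val, f.len, &v) || v.tag != 0x02 || v.len != 1) return -1;
        *ver = v.val[0];
        off = f.total;
    }
    for (i = 0; i < 5; i++) {         /* serial, sigAlg, issuer, validity, subject */
        if (der_read(tbs.val + off, tbs.len - off, &f)) return -1;
        if (i == 2) *iss = f;
        if (i == 4) *sub = f;
        off += f.total;
    }
    return 0;
}

/* Result bits: 1 = version value above 2, 2 = issuer differs from the CA subject. */
int check_issued(const unsigned char *leaf, size_t ln, const unsigned char *ca, size_t cn) {
    long lv, cv;
    tlv li, ls, ci, cs;
    if (cert_fields(leaf, ln, &lv, &li, &ls) || cert_fields(ca, cn, &cv, &ci, &cs)) return -1;
    return (lv > 2 ? 1 : 0) | ((li.len != cs.len || memcmp(li.val, cs.val, cs.len)) ? 2 : 0);
}
```

A result of 0 means neither problem was found, and -1 means the input could not be parsed as a certificate.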