To change the Common Name attribute (or any attribute, really), you have to re-sign the new certificate.
I'd think that you would need d2i_*, i2d_*, X509_*, and whatever else is necessary to actually sign the data... then load the newly-signed data as the certificate. You should look at the source code for openssl ca to see what it does. -Kyle H On 8/16/06, Xie Grace Jingru-LJX001 <[EMAIL PROTECTED]> wrote:
Hi Krishna, Thanks for your help. What are the set of APIs that would enable me to generate the cert on the fly? Could you provide more detail? Thanks, -Grace -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Krishna M Singh Sent: Wednesday, August 16, 2006 4:29 AM To: openssl-users@openssl.org Subject: Re: How to change "Common Name" field in a self-signed certificate at run time U can have a set of APIs to generate the cert with some configurable common name on the fly... Not sure whether u want to always use a particular self-sign cert and modifiy CN of that particular cert or u want to generate a self-signed cert with a configurable common name... hth -Krishna On 8/15/06, Xie Grace Jingru-LJX001 <[EMAIL PROTECTED]> wrote: > Hi, > > In the code I am programming, it's required to replace the Common Name > (CN) field at runtime. Does anyone know how to replace one field at > runtime without using Openssl command? Meaning by calling some routing > to change just that one field in a self-signed certificate. > > Thanks, > -Grace > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
-- -Kyle H ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]