Hello,
Why do you need to get the public key at the time the certificate is issued? You already have it.
We are using DKIM (domain key signing), it uses not the x509 public key, but the public key of the private key. The idea is to extract the rsa public key at the time the CA issue the cert and load this rsa public key to a db. This program is run against the CA. The CA can extract the public key from the certificate request. I see, so I can't extract the public key -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCg8yo6rDhsNiwUfVR37HgF4bWq oG13Nd9XLT+Z0VLzCkWJZOdzGNQnnm7ujoQ8gbxeDvIo9RG5I3eZteBwD91Nf6P/ E9lvJQDL2Qnz4EXH/CVW9DeEfvY1UJN9kc6q6KkYEPWssvVvlDOp2slbEKZCJtaP vVuGCAqfaps8J0FjOQIDAQAB -----END PUBLIC KEY----- from the already issued certificate? The certificate contains the public key.
But you already have the public key, since you sent the certificate request in the first place, and you have the private key that the public key was generated with.
The user won't be the one extracting the public key but the program running against the CA server.
But, you could try: $ openssl x509 -inform PEM -in file.pem -x509toreq -out file.csr $ openssl req -in file.csr -pubkey -noout (the '-noout' can be replaced with '-outform pem -out publickey.pem' if you need it to go to a file.)
hmm, I'm running openca so I'm not sure where the certificate request are located at. Where are they located at in openssl? thanks, Janet -Kyle H
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
