Thanks, David, that's exactly what I needed. I already found some examples, but these are very clear as steps to create the cert.
One more question, though: how do you convert an RSA public key from an (uint8_t *) type to the RSA type defined in OpenSSL (or to EVP_PKEY). I have been googling on this but haven't found anything yet. Gratefully, 2008/8/20 David Schwartz <[EMAIL PROTECTED]> > > > The only thing that I need is to certify the public key of > > the client by the server, therefore the common name and > > related infos are not used and have no meaning in this > > context. Moreover, the certification chain is local/private, > > so it does not involve interactions with external (public) CAs. > > > Finally, my question was related to how to do this with the openssl > > command or with calls to the functions in the OpenSSL library. > > Fill in the certificate structure with the appropriate fields and sign it. > It's really that simple. > > X509_new > X509_set_version > ASN1_INTEGER_set(X509_get_serialNumber(), ) > X509_set_issuer_name > X509_set_subject_name > X509_set_notBefore > X509_set_notAfter > X509_set_pubkey > X509_add_ext (if needed, as needed) > X509_sign > PEM_write_bio_X509/i2d_X509 (or whatever you want to do with the cert) > > DS > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > -- Silviu