On Sun, Aug 7, 2011 at 6:47 PM, Dr. Stephen Henson <st...@openssl.org> wrote:
>> i have access to a text dump of an SSL certificate: it's in the format >> expected of the openssl x509 "-text" dump format. i do *NOT* have >> access to the quotes original quotes x509 certificate. therefore, it >> is necessary to recreate it. >> does anyone have a clue as to how this can be achieved? am happy to >> write code to do it (c or python) but would prefer not to. [ ok i found mkcert.c in the standard openssl release ] > Well it isn't possible to do that consistently because some of the certificate > data can be ambiguous with the default -text output. For example the DN can be > encoded in many different ways. If there are unsupported extensions that could > be a major problem too. *sigh* :) loovely. ah yes: * i have a serial number which is printed out as 10 hex digits (clues / guesses on what format that might be?) * no, there are no unsupported extensions. * standard openssl functions which set the authority key identifier seem to not allow direct setting of the keyid. any clues on how to do that? > If you have a certificate issued by the same CA that would make things easier > but it would still be a rather hit and miss affair. i'm looking for it... :) l. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org