--> I have created my self signed CA (cert.pem) using following openssl commands
1) openssl req -config /etc/openssl.cnf -new -x509 -keyout private.key
-out cert.pem -days 8000 -passin pass:"abcd" -passout pass:"abcd"
2) openssl ca -updatedb -config /etc/openssl.cnf -keyfile private.key
-key "abcd" -cert cert.pem
--> I want to use this CA and private key to sign other (server)
certificates programmatically.
I am aware about .../demo/x509/mkcert.cc and .../demo/x509.mkreq.cc sample apps
--> QUESTIONS:
Can I directly create X509 *cert, add stuff and sign it,
straightforward (mkcert.cc).
OR
Need to create X509_REQ (as shown in mkreq.cc) first and then
sign certificate
request with CA
(IS there any compulsion or advisory, that One SHOULD/MUST make
certificate request
before making certificate)
Thanks,
Saurabh
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
