On 7/27/12, Saurabh Pandya <[email protected]> wrote:
>> Do roughly the same thing apps/ca.c does, except you probably don't
>> need all its options but may want some other options:
>>
>> Create an X509 and set all needed X509_CINF fields in that X509
>> to values that you either extract from the X509_REQ and approve,
>> or choose by your own logic (serial at least). Then sign the X509.
>
> Using My self-signed CA's private key, isn't it ??
I am asking this as I have the basic question about certificate signing
-> I have my self-sign CA "A" and CA key file "B"
-> I create another RSA key pair "EVP_PKEY *pkey" to be used for
child leaf certificates
-> I create a certificate "X509 *x" (that supposed to be child of my CA)
I am setting public key by, that will set public key
part of rsa key "pkey", to my certificate "x"
X509_set_pubkey(x,pkey)
And I am signing certificate with my private key
x509_sign(x,pkey)
Then How can I make my normal server certificate "x" as a child of
my CA certificate "A", do i need to sign it with "B".
I am confuse which keys to set in X509_set_pubkey() and X509_sign
when I want a certificate appeared to be issued by my CA.
Thanks all.
Saurabh
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
