It really looks to me like the openssl documentation needs improvement as
well as a better tool besides CA.pl to help people use openssl in common
scenarios. I suspect there is a strong demand for creative private CA
support and we should have a friendly script or cookbook for this available
somewhere. Fixing this will relieve you guys of answering all these
inquiries via email.
If any of the devs on openssl would like some help on writing up or coding
up some docs/tools to help this process I would be happy to help where I
can. I am a Windows guy and have very little experience with Unix systems
so that is where I would be of more help. I too am new to openssl and am
trying to do these same kinds of things and have not yet been comfortable
with my knowledge to embark on extensive coding. Let me know if and how I
can help.
Sandy
-----Original Message-----
From: Saurabh Pandya
Sent: Friday, July 27, 2012 7:20 AM
To: openssl-users@openssl.org
Subject: Re: Certificate and Certificate request (Using API)
On 7/27/12, Saurabh Pandya <er.saurabhpan...@gmail.com> wrote:
Do roughly the same thing apps/ca.c does, except you probably don't
need all its options but may want some other options:
Create an X509 and set all needed X509_CINF fields in that X509
to values that you either extract from the X509_REQ and approve,
or choose by your own logic (serial at least). Then sign the X509.
Using my self-signed CA's private key, isn't it?
I am asking this as I have the basic question about certificate signing
-> I have my self-sign CA "A" and CA key file "B"
-> I create another RSA key pair "EVP_PKEY *pkey" to be used for
child leaf certificates
-> I create a certificate "X509 *x" (that is supposed to be a child of my
CA)
I am setting public key by, that will set public key
part of rsa key "pkey", to my certificate "x"
X509_set_pubkey(x,pkey)
And I am signing certificate with my private key
X509_sign(x,pkey)
Then how can I make my normal server certificate "x" as a child of
my CA certificate "A", do I need to sign it with "B"?
I am confused which keys to set in X509_set_pubkey() and X509_sign
when I want a certificate to appear to be issued by my CA.
Thanks all.
Saurabh
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org