It really looks to me like the openssl documentation needs improvement, as well as a better tool besides CA.pl to help people use openssl in common scenarios. I suspect there is a strong demand for creative private CA support and we should have a friendly script or cookbook for this available somewhere. Fixing this will relieve you guys of answering all these inquiries via email. If any of the devs on openssl would like some help on writing up or coding up some docs/tools to help this process, I would be happy to help where I can. I am a Windows guy and have very little experience with Unix systems, so that is where I would be of more help. I too am new to openssl and am trying to do these same kinds of things, and have not yet been comfortable enough with my knowledge to embark on extensive coding. Let me know if and how I can help.

Sandy

-----Original Message-----
From: Saurabh Pandya
Sent: Friday, July 27, 2012 7:20 AM
To: openssl-users@openssl.org
Subject: Re: Certificate and Certificate request (Using API)

On 7/27/12, Saurabh Pandya <er.saurabhpan...@gmail.com> wrote:
Do roughly the same thing apps/ca.c does, except you probably don't
need all its options but may want some other options:

Create an X509 and set all needed X509_CINF fields in that X509
to values that you either extract from the X509_REQ and approve,
or choose by your own logic (serial at least). Then sign the X509.

Using my self-signed CA's private key, isn't it?

I am asking this as I have a basic question about certificate signing:

     -> I have my self-signed CA "A" and CA key file "B"
     -> I create another RSA key pair "EVP_PKEY *pkey" to be used for child leaf certificates
     -> I create a certificate "X509 *x" (that is supposed to be a child of my CA)
          I am setting the public key with the following, which will set the public key part of RSA key "pkey" in my certificate "x":
                 X509_set_pubkey(x,pkey)
          And I am signing the certificate with my private key:
                 X509_sign(x,pkey)

Then how can I make my normal server certificate "x" a child of my CA certificate "A"? Do I need to sign it with "B"?

I am confused about which keys to set in X509_set_pubkey() and X509_sign when I want a certificate to appear to be issued by my CA.

Thanks all.
Saurabh
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager majord...@openssl.org
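
The key roles asked about in the message above, shown with the openssl command line rather than the C API (an added example, not part of the original messages; file names and subject names are constructed). The leaf's own key only supplies the public key placed in the certificate, which is the job of X509_set_pubkey; the CA key "B" makes the signature, which is the key to hand to X509_sign; the issuer name is the CA's subject.

```shell
#!/bin/sh
# Constructed demo. Names mirror the thread: CA cert "A" = ca.crt,
# CA key "B" = ca.key, leaf key pair "pkey" = leaf.key. $1 is a work dir.

make_ca() {    # self-signed CA: here subject key and signing key are the same
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA A" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

make_leaf() {  # leaf key pair plus a request carrying its public key
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
}

issue_with_ca_key() {    # public key from the leaf, signature made with "B"
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -set_serial 1 -days 30 -out "$1/good.crt" 2>/dev/null
}

issue_with_leaf_key() {  # the thread's X509_sign(x,pkey): a self-signed leaf
    openssl x509 -req -in "$1/leaf.csr" -signkey "$1/leaf.key" \
        -days 30 -out "$1/bad.crt" 2>/dev/null
}

chains_to_ca() {  # $2 = cert file name; status 0 only if it verifies under "A"
    openssl verify -CAfile "$1/ca.crt" "$1/$2" >/dev/null 2>&1
}

demo() {  # status 0 when good.crt chains to the CA and bad.crt does not
    d=$(mktemp -d) || return 1
    if make_ca "$d" && make_leaf "$d" &&
       issue_with_ca_key "$d" && issue_with_leaf_key "$d"; then
        chains_to_ca "$d" good.crt; good=$?
        chains_to_ca "$d" bad.crt; bad=$?
    else
        good=1; bad=0
    fi
    rm -rf "$d"
    echo "CA-signed leaf: verify status $good; leaf-signed leaf: verify status $bad"
    [ "$good" -eq 0 ] && [ "$bad" -ne 0 ]
}

demo
```

A certificate signed with its own key has issuer equal to subject, so a verifier that trusts only "A" cannot build a chain from it.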