Hello

Here is my problem

I have a Verisign signed certificate (certificate A) and want to create 
certificates which will be signed by it.
I create a certificate (certificate B) / private key pair and send the 
certificate (B) to a server.
But when it signs the certificate with its private key (A) and returns it 
to the client, Windows tells me that the certificate seems to be damaged.

Here are some lines of my code :


First, I create the pair :

        int sn, rsaSize;
        RSA * rsa;
        X509_NAME * name;

        sn=1; // serial number
        rsaSize=1024; // key size

        // create the certificate and key objects
        m_pX509 = X509_new();
        m_pKey = EVP_PKEY_new();

        // generate the RSA key pair and assign it to the EVP_PKEY structure
        rsa = RSA_generate_key(rsaSize, RSA_F4, NULL, NULL);

        EVP_PKEY_assign_RSA(m_pKey, rsa);

        // set the version, the serial number and the validity period
        X509_set_version(m_pX509,3);
        ASN1_INTEGER_set(X509_get_serialNumber(m_pX509), sn);
        X509_gmtime_adj(X509_get_notBefore(m_pX509), 0);
        X509_gmtime_adj(X509_get_notAfter(m_pX509), (long)60*60*24*nbDays);

        // assign the public key to the certificate
        X509_set_pubkey(m_pX509, m_pKey);

        // fill in the information about the creator of the certificate
        name = X509_get_subject_name(m_pX509);
        X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (unsigned char*)"FR", -1, -1, 0);
        X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (unsigned char*)"La Deuxieme Tete (L2T)", -1, -1, 0);
        X509_NAME_add_entry_by_txt(name, "Email", MBSTRING_ASC, (unsigned char*)"[EMAIL PROTECTED]", -1, -1, 0);
        X509_set_issuer_name(m_pX509, name);


Then I send the certificate to the server and do this :

        X509_sign(m_pX509, pKey, EVP_md5());

pKey is the private key read with
        PEM_read_PrivateKey(fp_key, &m_pKey, NULL, NULL);


It's a nightmare, I don't know what to do.
Please help me.


Benoît Goarin

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
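
Added example, not part of the original post: X509_set_version() takes the zero-based version value (2 encodes v3), and a certificate issued by A carries A's subject name as its issuer, so this dependency-free C check reads those two fields from a certificate's DER. The names check_cert, der_next and sample are hypothetical, and sample is a constructed skeleton (a tbsCertificate prefix with no public key or signature) shaped like the fields set in the code above.

```c
#include <string.h>

enum { BAD_DER = 1, BAD_VERSION = 2, ISSUER_IS_SUBJECT = 4 };
/* Constructed sample: version value 3, issuer and subject both "C=FR". */
const unsigned char sample[] =
    "\x30\x57\x30\x55\xa0\x03\x02\x01\x03\x02\x01\x01"
    "\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00"
    "\x30\x0d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02" "FR"
    "\x30\x1e\x17\x0d" "030101000000Z" "\x17\x0d" "040101000000Z"
    "\x30\x0d\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02" "FR";

/* Read one DER TLV at *p; return its tag (or -1), content in *val / *len. */
static int der_next(const unsigned char **p, const unsigned char *end,
                    const unsigned char **val, size_t *len)
{
    if (end - *p < 2) return -1;
    int tag = *(*p)++; size_t n = *(*p)++;
    if (n & 0x80) {                          /* long-form length */
        size_t k = n & 0x7f;
        if (k == 0 || k > 3 || (size_t)(end - *p) < k) return -1;
        for (n = 0; k--; ) n = (n << 8) | *(*p)++;
    }
    if ((size_t)(end - *p) < n) return -1;   /* content must fit the buffer */
    *val = *p; *len = n; *p += n;
    return tag;
}

/* Flag a version value above 2 (v3 is encoded as 2) and issuer == subject. */
int check_cert(const unsigned char *der, size_t len)
{
    const unsigned char *p = der, *end = der + len, *v, *iss, *sub;
    size_t n, ilen, slen;
    int flags = 0, tag;
    if (der_next(&p, end, &v, &n) != 0x30) return BAD_DER;   /* Certificate */
    p = v; end = v + n;
    if (der_next(&p, end, &v, &n) != 0x30) return BAD_DER;   /* tbsCertificate */
    p = v; end = v + n;
    tag = der_next(&p, end, &v, &n);
    if (tag == 0xa0) {                       /* [0] EXPLICIT version INTEGER */
        if (n != 3 || v[0] != 0x02 || v[1] != 1) return BAD_DER;
        if (v[2] > 2) flags |= BAD_VERSION;
        tag = der_next(&p, end, &v, &n);     /* serialNumber follows */
    }
    if (tag != 0x02) return BAD_DER;
    if (der_next(&p, end, &v, &n) != 0x30 ||                 /* signature alg */
        der_next(&p, end, &iss, &ilen) != 0x30) return BAD_DER;
    if (der_next(&p, end, &v, &n) != 0x30 ||                 /* validity */
        der_next(&p, end, &sub, &slen) != 0x30) return BAD_DER;
    if (ilen == slen && memcmp(iss, sub, ilen) == 0) flags |= ISSUER_IS_SUBJECT;
    return flags;
}
```

A return value of 0 means neither condition was found; the check does not verify the signature or build a chain.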