Hello Here is my problem
I have a Verisign signed certificate (certifiacate A) and want to create certificates which will be signed by it. I create a pair certificate (certifiacate B) private key and send the certificate (B) to a server But when it signes the certifiacate with its private key (A) and returns it to client, windows tells me that the certificate seems to be damaged Here are some lines of my code : First, I create the pair : int sn, rsaSize; RSA * rsa; X509_NAME * name; sn=1; // numéo de série rsaSize=1024; // taille de la clé // création des objets certificat et clés m_pX509 = X509_new(); m_pKey = EVP_PKEY_new(); // génération de la paire de clés RSA et assignation à la structure EVP_PKEY rsa = RSA_generate_key(rsaSize, RSA_F4, NULL, NULL); EVP_PKEY_assign_RSA(m_pKey, rsa); // on fixe la version, le numéro de série et la période de validité X509_set_version(m_pX509,3); ASN1_INTEGER_set(X509_get_serialNumber(m_pX509), sn); X509_gmtime_adj(X509_get_notBefore(m_pX509), 0); X509_gmtime_adj(X509_get_notAfter(m_pX509), (long)60*60*24*nbDays); // on assigne la clé publique au certificat X509_set_pubkey(m_pX509, m_pKey); // on organise les informations sur le créateur du certificat name = X509_get_subject_name(m_pX509); X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (unsigned char*)"FR", -1, -1, 0); X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (unsigned char*)"La Deuxieme Tete (L2T)", -1, -1, 0); X509_NAME_add_entry_by_txt(name, "Email", MBSTRING_ASC, (unsigned char*)"[EMAIL PROTECTED]", -1, -1, 0); X509_set_issuer_name(m_pX509, name); Then I send the certificate to the server and do this : X509_sign(m_pX509, pKey, EVP_md5()); pKey is the private key read with PEM_read_PrivateKey(fp_key, &m_pKey, NULL, NULL); It's a nigtmare I don't know what to do please help me Benoît Goarin ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]