cjs 2895 wrote:
>
> Howdy all,
>
> I'm writing a C program that generates certificates signed by my CA.
> Since I'm unfamiliar with the openssl library, my immediate goal is
> to create an exact replica of the certificate/key I made for my personal web
> server through the command line.
>
> I've gotten to the point where I can produce a signed certificate with the
> same information and signature as the one I made with the command line. The
> only remaining difference is that the one I made in C appears to have both
> my public and private key attached to it (shown
> with X509_print) and the one I made with the command line (shown with
> openssl x509 -text) appears to only have the public key.
>
> After creating a new X509 structure to hold the signed certificate I'm
> calling X509_set_pubkey(signcert, X509_REQ_get_pubkey(reqcert)) to copy the
> public key from the certificate request structure. Somehow
> the private key is coming along too. What am I missing?
>
The private key is copied into the structure (which is why X509_print
shows it) but the encoded version will only contain the public key.
So if you write the certificate to a file and try x509 -text on it it
will now only show the public key.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
