> Hi.
> I have the following problem.
> The client side needs to get a certificate from the server side.
> But there is no possibility to generate a certificate request on the client.
> So the server has to do it by itself.
> The client sends all the required data for creating the request except the
> private key of the key pair! The server is assured that the pair is valid by
> organizational method. Is there a way to create an unsigned request and then
> generate the certificate from it without the request verification? What
> ways are there to do it?
> Sorry for bad English.
Yes, you can do this using the same code that's used to generate
self-signed certificates, just change who signs it and the internal key.
However, the issue with doing this is that the code that signs the
certificate will have no way to assure that the entity that requested the
certificate actually holds the key it claims to hold.

Basically, you generate an empty certificate with X509_new, initialize it
with X509_set_version, X509_set_issuer_name, X509_set_subject_name,
X509_set_notBefore, X509_set_notAfter and X509_set_pubkey. Then add any
necessary extensions with X509_add_ext. Sign it with X509_sign.
DS