> My program has a CSR in DER format, and the CA private key, and needs > to generate a CRT in DER format. The CA key is DSA, the CSR may be from > a DSA or RSA key. > > Now, it seems that all documentation I was able to google shows how to > do that using the openssl command line tool, but there's no direct api > function available to accomplish this in C code. > > Do you know some example code, or some hints, or will I have to dissect > the source of the command line tool?
The command line tool's source is not very difficult to understsand. Basically you: Call X509_new to allocate a new X509 certificate structure. (X509_new) Call X509_set_version to set the version to the number 2, which means version 3. (X509_set_version) Set the serial number, issuer name, subject name, and validity interval. (X509_set_issuer_name, X509_set_subject_name, x509_set_notBefore, X509_set_notAfter) Set the public key to the subject's public key. (X509_set_pubkey) Add any basic contraints, key usage, and the like. (X509V3_EXT_conf_nid, X509_add_ext) Sign the certificate. (X509_sign) Write the certificate out. (PEM_write_bio_X509) Free the certificate structure. (X509_free) DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
