Well if I remember well, you don't specify the key type in the config
file, but when you create the key file itself ("req -newkey" command
in openssl).
BTW, for alternative certificate store usage, you can use
SSL_CTX_xxxxx functions.

2009/2/24 sarym binome <[email protected]>:
> hello
> I thank you very much sir,
> I've another question: where do I put the name of the signature algorithm which I
> use to sign a certificate, cause in my config file I put only the MD5
> function (but it is a hash function and I can't use it to sign, am I
> wrong??)
> in my sslcreat.pl
> # create request config file (look please the bold underlined line)
> sub create_ca_config_file {
>
>     my ($file) = @_;
>
>     open TMP, ">$file";
>     print TMP "[ ca ]\n";
>     print TMP "default_ca = CA_default\n";
>     print TMP "[ CA_default ]\n";
>     print TMP "dir = $ARAN_CA_DIR\n";
>     print TMP "database = \$dir/index.txt\n";
>     print TMP "new_certs_dir = \$dir/newcerts\n";
>     print TMP "certificate = \$dir/cacert.pem\n";
>     print TMP "serial = \$dir/serial\n";
>     print TMP "private_key = \$dir/private/cakey.pem\n";
>     print TMP "RANDFILE = \$dir/private/.rand\n";
>     print TMP "\n";
>     print TMP "default_days = $ARAN_CA_DAYS\n";
>     print TMP "default_crl_days = 30\n";
>     print TMP "default_md = md5\n";
>     print TMP "\n";
>     print TMP "policy = policy_any\n";
>     print TMP "\n";
>     print TMP "[ policy_any ]\n";
>     print TMP "countryName = optional\n";
>     print TMP "stateOrProvinceName = optional\n";
>     print TMP "organizationName = optional\n";
>     print TMP "organizationalUnitName = optional\n";
>     print TMP "commonName = supplied\n";
>     print TMP "emailAddress = optional\n";
>     print TMP "\n";
>     print TMP "[ req ]\n";
>     print TMP "default_bits = 1024\n";
>     print TMP "distinguished_name = req_distinguished_name\n";
>     print TMP "prompt = no\n";
>     print TMP "\n";
>     print TMP "[ req_distinguished_name ]\n";
>     print TMP "CN = ARAN CA\n";
>     print TMP "\n";
>     close TMP;
>
> }
>
> best regards
>
>> Date: Tue, 24 Feb 2009 08:34:54 +0100
>> Subject: Re: what it is X509_STORE ?
>> From: [email protected]
>> To: [email protected]
>>
>> It is a certificate memory store where you should put your
>> certificates (CA, root etc..) of your trusted path that are needed by
>> your application for signature verification. This is also the place
>> you will put your CRL.
>>
>> Have a look at X509_STORE_xxx and X509_load_xxx functions. You
>> might also consider using PEM_read_xxx functions for your signing
>> certificate.
>>
>> regards
>>
>> Emmanuel
>>
>> 2009/2/24 sarym binome <[email protected]>:
>> > hello
>> > I try to create a X509 certificate for a CA and certificates signed by the
>> > CA,
>> > and I want to check it (verify it), somebody tell me what it is
>> > X509_STORE
>> > ?
>> > thanks.
>> ______________________________________________________________________
>> OpenSSL Project http://www.openssl.org
>> User Support Mailing List [email protected]
>> Automated List Manager [email protected]
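Added example, not part of the original thread: the same config (only `default_md` set) is used with two different `-newkey` key types, showing that the certificate's signature algorithm is the digest from the config combined with the key type chosen at key creation; a leaf is then checked against each CA with `openssl verify -CAfile`. The file names, subject names, sha256 and the key parameters are choices made for this demo, and an OpenSSL 1.1.0 or later command-line tool is assumed.

```shell
# Added example. File names, subject names and the temp dir are constructed.
set -e
DEMO=$(mktemp -d)

# Same config for every key type: it names only the digest (default_md).
cat > "$DEMO/ca.cnf" <<'EOF'
[ req ]
default_md         = sha256
distinguished_name = dn
prompt             = no
x509_extensions    = v3_ca
[ dn ]
CN = Demo CA
[ v3_ca ]
basicConstraints = critical, CA:TRUE
EOF

# make_ca NAME KEYARGS...: the key type comes from -newkey, not the config.
make_ca() {
    name=$1; shift
    openssl req -x509 -config "$DEMO/ca.cnf" -nodes -days 30 "$@" \
        -keyout "$DEMO/$name.key" -out "$DEMO/$name.pem" 2>/dev/null
}

# sig_alg CERT: print the signature algorithm recorded in the certificate.
sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# issue_leaf CA_NAME: create a leaf key and CSR, then sign it with that CA.
issue_leaf() {
    openssl req -new -config "$DEMO/ca.cnf" -subj "/CN=leaf.example" -nodes \
        -newkey rsa:2048 -keyout "$DEMO/leaf.key" -out "$DEMO/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$DEMO/leaf.csr" -sha256 -days 30 -CAcreateserial \
        -CA "$DEMO/$1.pem" -CAkey "$DEMO/$1.key" -out "$DEMO/leaf.pem" 2>/dev/null
}

# verify_leaf CA_NAME: trust one CA file only (the CLI fills an X509_STORE from it).
verify_leaf() {
    openssl verify -CAfile "$DEMO/$1.pem" "$DEMO/leaf.pem" >/dev/null 2>&1
}

make_ca rsa_ca -newkey rsa:2048
make_ca ec_ca  -newkey ec -pkeyopt ec_paramgen_curve:prime256v1
issue_leaf rsa_ca
echo "RSA CA: $(sig_alg "$DEMO/rsa_ca.pem")   EC CA: $(sig_alg "$DEMO/ec_ca.pem")"
verify_leaf rsa_ca && echo "leaf verifies under rsa_ca"
verify_leaf ec_ca  || echo "leaf rejected under ec_ca"
```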
