Raj, That's not exactly how certificates work. To get a certificate signed by a CA you have to create a request, and send it to the CA. The CA will then sign it with it's private key. The function that you are looking for is int X509_sign(X509* cert, EVP_PKEY * private_key, EVP_sha1()). This function will programmatically sign a certificate. However, you'll notice that it takes a private key, and a digest algorithm. You have to provide the private key here, and by nature, you do not have the CA's private key. So unfortunately, there is no way not to create a self signed certificate unless you know the private key of a CA.
At this link there are some useful links on certificates, and keys: http://www.openssl.org/docs/HOWTO/ I hope that this clears things up, Sam <http://www.openssl.org/docs/HOWTO/> On Thu, Aug 26, 2010 at 11:59 PM, Raj <rajmo...@codework-solutions.com>wrote: > Hi all > > I want to sign the certificate programmatically.* * > > I have created a X509 certificate programmatically using Open SSL > API's, Instead of making it self signed I want to sign it using another CA > certificate, which is inside my local hard drive. Can anybody tell me how to > do it. > > > > Thanks, > Raj > Rajmohan SK > -- Sam Jantz Software Engineer
