Hi, You will always have to create a certificate request using your private key.
This certificate request is used to sign and create respective certificate. Hope this helps. On Wed, Jul 25, 2012 at 2:14 PM, Saurabh Pandya <er.saurabhpan...@gmail.com>wrote: > --> I have created my self signed CA (cert.pem) using following openssl > commands > > 1) openssl req -config /etc/openssl.cnf -new -x509 -keyout private.key > -out cert.pem -days 8000 -passin pass:"abcd" -passout pass:"abcd" > > 2) openssl ca -updatedb -config /etc/openssl.cnf -keyfile private.key > -key "abcd" -cert cert.pem > > > --> I want to use this CA and private key to sign other (server) > certificates programmatically. > > I am aware about .../demo/x509/mkcert.cc and .../demo/x509.mkreq.ccsample apps > > --> QUESTIONS: > > Can I directly create X509 *cert, add stuff and sign it, > straightforward (mkcert.cc). > OR > Need to create X509_REQ (as shown in mkreq.cc) first and then > sign certificate > request with CA > > (IS there any compulsion or advisory, that One SHOULD/MUST make > certificate request > before making certificate) > > Thanks, > Saurabh > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > -- Regards, *Sukalp Bhople.*
