On 7/27/12, Saurabh Pandya <er.saurabhpan...@gmail.com> wrote: >> Do roughly the same thing apps/ca.c does, except you probably don't >> need all its options but may want some other options: >> >> Create an X509 and set all needed X509_CINF fields in that X509 >> to values that you either extract from the X509_REQ and approve, >> or choose by your own logic (serial at least). Then sign the X509. > > Using My self-signed CA's private key, isn't it ??
I am asking this as I have the basic question about certificate signing -> I have my self-sign CA "A" and CA key file "B" -> I create another RSA key pair "EVP_PKEY *pkey" to be used for child leaf certificates -> I create a certificate "X509 *x" (that supposed to be child of my CA) I am setting public key by, that will set public key part of rsa key "pkey", to my certificate "x" X509_set_pubkey(x,pkey) And I am signing certificate with my private key x509_sign(x,pkey) Then How can I make my normal server certificate "x" as a child of my CA certificate "A", do i need to sign it with "B". I am confuse which keys to set in X509_set_pubkey() and X509_sign when I want a certificate appeared to be issued by my CA. Thanks all. Saurabh ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org