Developing CA with Openssl library

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Developing CA with Openssl library

thirumalkumarkanakurthi

Dear users,
 I want to develop my own CA with openssl library with all the CA functionalities like Key generation,Certificate creation,Certificate Revocation List creation,Certificate revocation and certificate verification.in Order to do so i am struct with the following questions

1. currently i am using openssl_1_0_1 stable version. With this version is it possible to perform the above operations.
2. Will above mentioned version provide full CA CRL functionalities.
 please help me  with your valuable suggestions and solutions. Thanks in advance.

Regards
Thirumal Kumar Kanakurthi
Member (Research Staff)/NWS Group
Central Research Laboratory(BEL).
Bangalore.
Mobile:+918050469976


Every Sheets of paper is made from a tree.. Save trees... Conserve Trees.... Go Green .... Don't print this email or any Files unless you really need to!!!!

Confidentiality Notice
The information contained in this electronic message and any attachments to this
message are intended for the exclusive use of the addressee(s) and may contain
confidential or privileged information. If you are not the intended recipient,
please notify the sender at Bharat Electronics or [hidden email]
immediately and destroy all copies of this message and any attachments.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Developing CA with Openssl library

Michel

Hi,

 

Just a suggestion : did you see XCA : http://xca.sourceforge.net/ ?

 

Regards,

 

Michel

 

De : openssl-users [mailto:[hidden email]] De la part de [hidden email]
Envoyé : mercredi 2 mars 2016 09:37
À : [hidden email]
Objet : [openssl-users] Developing CA with Openssl library

 


Dear users,
I want to develop my own CA with openssl library


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Developing CA with Openssl library

lists-161
In reply to this post by thirumalkumarkanakurthi
On 03/02/2016 09:36 AM, [hidden email] wrote:
>
> Dear users,
>  I want to develop my own CA with openssl library with all the CA
> functionalities like Key generation,Certificate creation,Certificate
> Revocation List creation,Certificate revocation and certificate
> verification.in Order to do so i am struct with the following questions
>
> 1. currently i am using openssl_1_0_1 stable version. With this
> version is it possible to perform the above operations.

Yes, but it's a lot of code to write if you plan to use the library.

> 2. Will above mentioned version provide full CA CRL functionalities.
>  please help me  with your valuable suggestions and solutions. Thanks
> in advance.
>

For what I know, all of it is there, too.
But really consider using OpenSSL-based open source products or at least
openssl command line tools where possible, otherwise it is just as
answer (1): there is a lot to do!

> Regards
> Thirumal Kumar Kanakurthi
> Member (Research Staff)/NWS Group
> Central Research Laboratory(BEL).
> Bangalore.
> Mobile:+918050469976

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Developing CA with Openssl library

Bear Giles
I've written big chunks of a CA in both openssl and java (BouncyCastle). It has definite benefits since it can be tightly integrated into an existing infrastructure but does require a fairly deep understanding of both concepts and implementation details. The actual key management is not that hard to write once you have that basic knowledge.

However a CA is a lot more than just signing keys and that can be a lot of work but I think that will be true regardless of whether you're doing new development with the libraries or using scripts with the command line program. The command line is fine for small needs but I would definitely rather use the libraries (C or java) if I had it sitting behind a web or microservice.

Finally I should point out that Amazon has just released an X.509 key management system as part of Amazon Web Services. I haven't had a chance to look at it but it might be easier to implement a front end to it.

Bear

On Wed, Mar 2, 2016 at 11:24 PM, lists <[hidden email]> wrote:
On 03/02/2016 09:36 AM, [hidden email] wrote:

Dear users,
 I want to develop my own CA with openssl library with all the CA functionalities like Key generation,Certificate creation,Certificate Revocation List creation,Certificate revocation and certificate verification.in Order to do so i am struct with the following questions

1. currently i am using openssl_1_0_1 stable version. With this version is it possible to perform the above operations.

Yes, but it's a lot of code to write if you plan to use the library.

2. Will above mentioned version provide full CA CRL functionalities.
 please help me  with your valuable suggestions and solutions. Thanks in advance.


For what I know, all of it is there, too.
But really consider using OpenSSL-based open source products or at least openssl command line tools where possible, otherwise it is just as answer (1): there is a lot to do!


Regards
Thirumal Kumar Kanakurthi
Member (Research Staff)/NWS Group
Central Research Laboratory(BEL).
Bangalore.
Mobile:<a href="tel:%2B918050469976" value="+918050469976" target="_blank">+918050469976

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users