self signed X509 without interaction

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

self signed X509 without interaction

Felix Dorner

hi,

i would like to write some code (using the openssl/crypto libs) that

- creates a keypair
- creates a self signed X509 certificate for/with that keypair and uses predefined strings for the certificate attributes, means there will be no user interaction.

i think i can manage to create the keys, however i dont even know how start with the certificate stuff...


i am sure somebody has done this before and hope that guy is on the list

thanks a lot,

Felix
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: self signed X509 without interaction

Dr. Stephen Henson
On Wed, Sep 28, 2005, Felix Dorner wrote:

>
> hi,
>
> i would like to write some code (using the openssl/crypto libs) that
>
> - creates a keypair
> - creates a self signed X509 certificate for/with that keypair and uses predefined strings for the certificate attributes, means there will be no user interaction.
>
> i think i can manage to create the keys, however i dont even know how start with the certificate stuff...
>
>
> i am sure somebody has done this before and hope that guy is on the list
>

The 'req' utility can do this with the appropriate settings. If you want a C
code example then look at demos/x509/mkcert.c

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: self signed X509 without interaction

Frédéric Donnat-2
In reply to this post by Felix Dorner
Hi,

You could also have a look at:
 - demos/selfsign.c
Or the OpenSSL tools:
 - apps/req.c
 - apps/ca.c
 - apps/x509.c

Fred

-----Original Message-----
From: Dr. Stephen Henson [mailto:[hidden email]]
Sent: Wed 9/28/2005 3:12 PM
To: [hidden email]
Cc:
Subject: Re: self signed X509 without interaction
On Wed, Sep 28, 2005, Felix Dorner wrote:

>
> hi,
>
> i would like to write some code (using the openssl/crypto libs) that
>
> - creates a keypair
> - creates a self signed X509 certificate for/with that keypair and uses predefined strings for the certificate attributes, means there will be no user interaction.
>
> i think i can manage to create the keys, however i dont even know how start with the certificate stuff...
>
>
> i am sure somebody has done this before and hope that guy is on the list
>

The 'req' utility can do this with the appropriate settings. If you want a C
code example then look at demos/x509/mkcert.c

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: self signed X509 without interaction

David Pope
In reply to this post by Felix Dorner
Also see src/doc/HOWTO/certificates.txt and keys.txt, as well as src/doc/openssl.txt.  These might provide guidance for the ideas behind the code that Frédéric pointed to.

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Frédéric Donnat
Sent: Wednesday, September 28, 2005 11:15 AM
To: [hidden email]
Subject: RE: self signed X509 without interaction

Hi,

You could also have a look at:
 - demos/selfsign.c
Or the OpenSSL tools:
 - apps/req.c
 - apps/ca.c
 - apps/x509.c

Fred

-----Original Message-----
From: Dr. Stephen Henson [mailto:[hidden email]]
Sent: Wed 9/28/2005 3:12 PM
To: [hidden email]
Cc:
Subject: Re: self signed X509 without interaction
On Wed, Sep 28, 2005, Felix Dorner wrote:

>
> hi,
>
> i would like to write some code (using the openssl/crypto libs) that
>
> - creates a keypair
> - creates a self signed X509 certificate for/with that keypair and uses predefined strings for the certificate attributes, means there will be no user interaction.
>
> i think i can manage to create the keys, however i dont even know how start with the certificate stuff...
>
>
> i am sure somebody has done this before and hope that guy is on the list
>

The 'req' utility can do this with the appropriate settings. If you want a C
code example then look at demos/x509/mkcert.c

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: self signed X509 without interaction

Felix Dorner
I looked especially at demos/selfsign.c and think it is conceptually not
very hard to understand. (my c skills however...) Anyway I think i will
get allong with this.

Thanks a lot so far.

Felix Dorner
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]