Create x509 chain with c++ openssl lib
I have clientCA.key and clientCA.crt - intermediate private key and certificate. Now, I generate the endpoint private key and certificate request at the command line:
openssl req -new -nodes -newkey rsa:2048 -keyout clientEP.key -out clientEP.csr \
  -subj "/C=CA/ST=AAA/L=BBB/O=CCC/OU=DDD/CN=EEE/emailAddress=m@m"
Then make the endpoint certificate, signing it with the intermediate CA certificate and key:
openssl x509 -req -CAkey clientCA.key -CA clientCA.crt -days 365 -in clientEP.csr -out clientEP.crt -set_serial 25 -extfile clientEP.cnf
It's easy to generate an RSA key and request:
RSA_generate_key_ex(keys, 2048,e, NULL);
X509_REQ_new();
But how can I get the request signed by clientCA.key and clientCA.crt and get clientEP.crt with the C++ OpenSSL library? Maybe it's possible to generate the endpoint certificate from these files without a request?
OpenSSL provides various functions and you can use them. It's better to search more or visit openssl.org, and read the description of each function carefully.
You can do it like you did on Linux (maybe):
EVP_PKEY *pkey = EVP_PKEY_new();
See: https://www.openssl.org/docs/man1.1.0/man3/EVP_PKEY_new.html
RSA *rsa = RSA_generate_key(1024, 3, 0, 0);
EVP_PKEY_set1_RSA(pkey, rsa);
See also: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_set1_RSA.html
X509 *cert = X509_new();
X509_set_pubkey(cert, pkey);
X509_sign(cert, pkey, 0); // third param is a hashing option.
You may get the information when you google it more. In addition, OpenSSL provides write APIs such as BIO_write or PEM_write_X509 and so on.
I hope it will be helpful.