Programmatically input data in X509 Certificate using OpenSSL

Question

I am trying to create a ecdsa certificate but I would like to generate it programatically. I am using openssl and C programming.

When I generate a certificate from the command line multiple questions are asked me to answer in other to use in the certificate. I would like to know how to define this questions, input this data programatically.

This is what I have found on the web, but I don't understand how to insert more information and this really works:

X509 *x; 
x=X509_new(); 
X509_NAME *name = X509_get_subject_name(x); 
X509_set_version(x, 2); 
ASN1_INTEGER_set(X509_get_serialNumber(x), 3); 
X509_gmtime_adj(X509_get_notBefore(x), 0); 
X509_gmtime_adj(X509_get_notAfter(x), (long) 60 * 60 * 24 * 365); 
X509_set_pubkey(x, pk); 
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (const unsigned char*) "PT", -1, -1, 0); 

The X509_NAME_add_entry_by_txt function I realise it's the answer to the country, but what does this "C" means? How is this function composed? Can I put whatever I want in the place of "C" and in the place of "PT"?

Answer 1

The C is the standard way of denoting the country and PT is the correct selection for Portugal (see this list for other country options).

You can use the X509_NAME_add_entry_by_txt function to set other values in the distinguished name, using the correct prefix:

• C = country
• ST = state
• L = locality
• O = organisation
• OU = organisational unit
• CN = common name

Only the country field has a fixed range of choices.

See also the example given on the manual page: http://www.openssl.org/docs/crypto/X509_NAME_add_entry_by_txt.html#EXAMPLES