使用OpenSSL以编程方式创建X509证书 [英] Programmatically Create X509 Certificate using OpenSSL
问题描述
我有一个C/C ++应用程序,我需要创建一个包含公钥和私钥的X509 pem证书.证书可以是自签名的,也可以是未签名的.
I have a C/C++ application and I need to create a X509 pem certificate containing both a public and private key. The certificate can be self signed, or unsigned, doesn't matter.
我想在应用程序中执行此操作,而不是从命令行中执行.
I want to do this inside an app, not from command line.
哪些OpenSSL函数将为我执行此操作?任何示例代码都是一个奖励!
What OpenSSL functions will do this for me? Any sample code is a bonus!
推荐答案
您需要首先熟悉术语和机制.
You'll need to familiarize yourself with the terminology and mechanisms first.
根据定义,X.509 证书不包含私钥.相反,它是公共密钥的CA签名版本(以及CA放入签名的所有属性). PEM格式实际上仅支持密钥和证书的单独存储-尽管您可以随后将两者进行串联.
An X.509 certificate, by definition, does not include a private key. Instead, it is a CA-signed version of the public key (along with any attributes the CA puts into the signature). The PEM format really only supports separate storage of the key and the certificate - although you can then concatenate the two.
无论如何,您都需要调用OpenSSL API的20多种不同功能来创建密钥和自签名证书.一个示例在OpenSSL源本身中,位于 demos/x509/mkcert.c
In any case, you'll need to invoke 20+ different functions of the OpenSSL API to create a key and a self-signed certificate. An example is in the OpenSSL source itself, in demos/x509/mkcert.c
有关更详细的答案,请参见下面的内森·奥斯曼的解释.
For a more detailed answer, please see Nathan Osman's explanation below.
这篇关于使用OpenSSL以编程方式创建X509证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!