使用OpenSSL以编程方式创建X509证书 [英] Programmatically Create X509 Certificate using OpenSSL

问题描述

我有一个C/C ++应用程序，我需要创建一个包含公钥和私钥的X509 pem证书.证书可以是自签名的，也可以是未签名的.

I have a C/C++ application and I need to create a X509 pem certificate containing both a public and private key. The certificate can be self signed, or unsigned, doesn't matter.

我想在应用程序中执行此操作，而不是从命令行中执行.

I want to do this inside an app, not from command line.

哪些OpenSSL函数将为我执行此操作?任何示例代码都是一个奖励！

What OpenSSL functions will do this for me? Any sample code is a bonus!

推荐答案

您需要首先熟悉术语和机制.

You'll need to familiarize yourself with the terminology and mechanisms first.

根据定义，X.509 证书不包含私钥.相反，它是公共密钥的CA签名版本(以及CA放入签名的所有属性). PEM格式实际上仅支持密钥和证书的单独存储-尽管您可以随后将两者进行串联.

An X.509 certificate, by definition, does not include a private key. Instead, it is a CA-signed version of the public key (along with any attributes the CA puts into the signature). The PEM format really only supports separate storage of the key and the certificate - although you can then concatenate the two.

无论如何，您都需要调用OpenSSL API的20多种不同功能来创建密钥和自签名证书.一个示例在OpenSSL源本身中，位于 demos/x509/mkcert.c

In any case, you'll need to invoke 20+ different functions of the OpenSSL API to create a key and a self-signed certificate. An example is in the OpenSSL source itself, in demos/x509/mkcert.c

有关更详细的答案，请参见下面的内森·奥斯曼的解释.

For a more detailed answer, please see Nathan Osman's explanation below.

这篇关于使用OpenSSL以编程方式创建X509证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！