使用 OpenSSL 以编程方式创建 X509 证书 [英] Programmatically Create X509 Certificate using OpenSSL

问题描述

我有一个 C/C++ 应用程序，我需要创建一个包含公钥和私钥的 X509 pem 证书.证书可以是自签名的，也可以是未签名的，无所谓.

I have a C/C++ application and I need to create a X509 pem certificate containing both a public and private key. The certificate can be self signed, or unsigned, doesn't matter.

我想在应用程序中执行此操作，而不是在命令行中执行此操作.

I want to do this inside an app, not from command line.

哪些 OpenSSL 函数会为我做这件事?任何示例代码都是奖励！

What OpenSSL functions will do this for me? Any sample code is a bonus!

推荐答案

您需要先熟悉术语和机制.

You'll need to familiarize yourself with the terminology and mechanisms first.

X.509 证书，根据定义，不包括私钥.相反，它是公钥的 CA 签名版本(以及 CA 放入签名中的任何属性).PEM 格式实际上只支持单独存储密钥和证书 - 尽管您可以将两者连接起来.

An X.509 certificate, by definition, does not include a private key. Instead, it is a CA-signed version of the public key (along with any attributes the CA puts into the signature). The PEM format really only supports separate storage of the key and the certificate - although you can then concatenate the two.

在任何情况下，您都需要调用 OpenSSL API 的 20 多个不同功能来创建密钥和自签名证书.一个例子是 OpenSSL 源代码本身，在 demos/x509/mkcert.c

In any case, you'll need to invoke 20+ different functions of the OpenSSL API to create a key and a self-signed certificate. An example is in the OpenSSL source itself, in demos/x509/mkcert.c

有关更详细的答案，请参阅下面的内森·奥斯曼 (Nathan Osman) 的解释.

For a more detailed answer, please see Nathan Osman's explanation below.

这篇关于使用 OpenSSL 以编程方式创建 X509 证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！