使用 OpenSSL 以编程方式创建 X509 证书 [英] Programmatically Create X509 Certificate using OpenSSL
问题描述
我有一个 C/C++ 应用程序,我需要创建一个包含公钥和私钥的 X509 pem 证书.证书可以是自签名的,也可以是未签名的,无所谓.
I have a C/C++ application and I need to create a X509 pem certificate containing both a public and private key. The certificate can be self signed, or unsigned, doesn't matter.
我想在应用程序中执行此操作,而不是在命令行中执行此操作.
I want to do this inside an app, not from command line.
哪些 OpenSSL 函数会为我做这件事?任何示例代码都是奖励!
What OpenSSL functions will do this for me? Any sample code is a bonus!
推荐答案
您需要先熟悉术语和机制.
You'll need to familiarize yourself with the terminology and mechanisms first.
X.509 证书,根据定义,不包括私钥.相反,它是公钥的 CA 签名版本(以及 CA 放入签名中的任何属性).PEM 格式实际上只支持单独存储密钥和证书 - 尽管您可以将两者连接起来.
An X.509 certificate, by definition, does not include a private key. Instead, it is a CA-signed version of the public key (along with any attributes the CA puts into the signature). The PEM format really only supports separate storage of the key and the certificate - although you can then concatenate the two.
在任何情况下,您都需要调用 OpenSSL API 的 20 多个不同功能来创建密钥和自签名证书.一个例子是 OpenSSL 源代码本身,在 demos/x509/mkcert.c
In any case, you'll need to invoke 20+ different functions of the OpenSSL API to create a key and a self-signed certificate. An example is in the OpenSSL source itself, in demos/x509/mkcert.c
有关更详细的答案,请参阅下面的内森·奥斯曼 (Nathan Osman) 的解释.
For a more detailed answer, please see Nathan Osman's explanation below.
这篇关于使用 OpenSSL 以编程方式创建 X509 证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!