Certificate chain utilities
|
View:
New views
2 Messages
—
Rating Filter:
Alert me
|
 |
Certificate chain utilities
by Roger Boden
::
Rate this Message:
Hello, I need to create a certificate chain. The inputs are my own certificate, a list of root certificates, a list of intermediate certificates and the distinguished name of the root CA the peer trusts. The certificate chain I need to create shall start with my own cert, and end with the root CA the peer trusts. Are there any utility functions in openssl that do this? When browsing through the code and header files I found that X509_STORE and X509_STORE_CTX seem to do similar things to what I am searching for. However, I have not been able to find any documentation for these functions. Is there any documentation available somewhere that I have missed? Regards Roger _________________________________________________________________ Trött på jobbet? Hitta nya utmaningar här! http://msn.jobbguiden.se/jobseeker/resumes/postresumenew/postresumestart.aspx?sc_cmp2=JS_INT_SEMSN_NLPCV______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@... Automated List Manager majordomo@... |
|
|
Re: Certificate chain utilities
by Patrick Patterson-3
::
Rate this Message:
On May 13, 2008 08:42:13 am Roger No-Spam wrote:
> Hello, > > I need to create a certificate chain. The inputs are my own certificate, a > list of root certificates, a list of intermediate certificates and the > distinguished name of the root CA the peer trusts. The certificate chain I > need to create shall start with my own cert, and end with the root CA the > peer trusts. Are there any utility functions in openssl that do this? > > When browsing through the code and header files I found that X509_STORE and > X509_STORE_CTX seem to do similar things to what I am searching for. > However, I have not been able to find any documentation for these > functions. Is there any documentation available somewhere that I have > missed? > look at Pathfinder (http://pathfinder-pki.googlecode.com). Remember, there are LOTS of rules for validating certificates, and just checking that there is a signature path between two certs is insufficient in most cases, if you want to have real trust. Have fun. -- Patrick Patterson President and Chief PKI Architect, Carillon Information Security Inc. http://www.carillon.ca ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@... Automated List Manager majordomo@... |
| Free Forum Powered by Nabble | Forum Help |