> The only thing that I need is to certify the public key of
> the client by the server, therefore the common name and
> related infos are not used and have no meaning in this
> context. Moreover, the certification chain is local/private,
> so it does not involve interactions with external (public) CAs.
> Finally, my question was related to how to do this with the openssl
> command or with calls to the functions in the OpenSSL library.
Fill in the certificate structure with the appropriate fields and sign it. It's really that simple.
X509_new
X509_set_version
ASN1_INTEGER_set(X509_get_serialNumber(), )
X509_set_issuer_name
X509_set_subject_name
X509_set_notBefore
X509_set_notAfter
X509_set_pubkey
X509_add_ext (if needed, as needed)
X509_sign
PEM_write_bio_X509/i2d_X509 (or whatever you want to do with the cert)
DS
______________________________________________________________________
OpenSSL Project
http://www.openssl.orgUser Support Mailing List
openssl-users@...
Automated List Manager
majordomo@...
