In this case I'm using SHA256 for the hash. X509_set_notAfter(cert, ASN1_TIME_set(NULL, notAfter)) X509_set_notBefore(cert, ASN1_TIME_set(NULL, notBefore)) X509_set_subject_name(cert, subjectName) X509_set_serialNumber(cert, BN_to_ASN1_INTEGER(serialNumber, NULL)) The basic code to sign a certificate is straightforward. Being a CA requires a lot more than the ability to sign simple certs. My pgopenssltypes extension will have the ability to sign digital certificates for testing purposes but the real work will be done in a possible pgca extension. I’m pretty sure I’ve already discussed signing digital certificates with the Bounc圜astle (java) library.) C:OpenSSL-Win64bin> openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key C:windowssystem32>cd C:OpenSSL-Win64bin C:OpenSSL-Win64bin>openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey. (At least I don’t recall doing so – I might have discussed this in the early days of the blog. Note: You would need to enter rest of the certificate information per below. While working on the pgopenssltypes extension I realized that I haven’t discussed how to sign digital certificates using the OpenSSL library.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
March 2023
Categories |