(top posting for consistency)
Look at the functions named X509_sign(), X509_CRL_sign() and
X509_REQ_to_X509(), those should get you started.
On 22/07/2015 11:57, Anirudh Raghunath wrote:
> Thanks for the quick response. I am currently working with smart cards
> and am using the engine provided by openSC to access the private key
> in the smart card. Long story short I have the EVP_PKEY object with
> me. Can I use this to sign a certificate or some file which can be
> used for SSL client verification.
>
> On Wednesday, 22 July 2015 11:52 AM, Erwann Abalea
> <erwann.abalea at opentrust.com> wrote:
>
>
> Bonjour,
>
> An X.509 certificate is:
>
> Certificate ::= SEQUENCE {
> tbsCertificate TBSCertificate,
> signatureAlgorithm AlgorithmIdentifier,
> signatureValue BIT STRING }
>
> What you produced with ? openssl rsautl -sign ? is the content of the
> ? signatureValue ? element (not its BIT STRING structure, only the
> inner content).
> What is missing is all the rest, and it can?t be produced by the sole
> ? openssl x509 ? ? command.
>
> Please refine your question.
>
>
>> Le 22 juil. 2015 ? 11:17, Anirudh Raghunath
>> <anirudhraghunath at rocketmail.com
>> <mailto:anirudhraghunath at rocketmail.com>> a ?crit :
>>
>> Hello,
>>
>> I have used rsault -sign option to sign a text file which gives me a
>> binary file. I would like to convert this to X509 so that I can use
>> it in a ssl handshake. I understand the command:
>>
>> openssl x509 -inform <format> -in <certfile> -out <cert.pem>
>>
>> is used. I want to know what the parameters would be for a binary
>> input file.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150722/44156e3f/attachment.html>
