With the release of CyaSSL 1.8.0, users are now able to create CA signed x509 v3 certificates. Certificate generation is turned off by default, but may be turned on during the ./configure process with the following option or by defining CYASSL_CERT_GEN in Windows or non-standard environments:
–enable-certgen
Currently CyaSSL only supports the MD5_WITH_RSA signature algorithm type (which is by far the most common) and the creation of self signed certificates. The next release will allow other signers and other signature types. To create a self-signed certificate the general steps taken by the user include:
1. Create the Cert structure
2. Initialize the Cert structure
3. Complete the information in the CertName structure
4. Generate the self-signed certificate using any valid RsaKey and RNG.
The result of the above steps will be a DER formatted certificate which may also be converted into a PEM formatted certificate if desired. For more information on how CyaSSL generates RSA keys, please see the CyaSSL Extensions Reference, Section X. For complete details of the above steps to create a self-signed certificate and how you can create a CA signed certificate, see the CyaSSL Extensions Reference, Section XI.
For more information about CyaSSL, please contact info@yassl.com.