Topic: creating a PFX file from DER self signed cert and private key

Trying to creating a PFX file from DER self signed cert and private key.

The self signed cert works fine, and saving the cert to DER file, opens fine on windows.

Saving to PFX gives an invalid certificate file password when opening in windows.
These are the steps i am using to save from DER to PFX

void CreateServerSelfSignedCertificate()
{
    Cert* selfSignedCert;
    RsaKey* selfSignedPrivateKey;
    unsigned char* derSelfSignedCert;
    unsigned char* derPrivateKey;

    // Create Self Signed cert in memory
    selfSignedCert = new Cert();
    if (wc_InitCert(selfSignedCert) < 0)
    {
        delete selfSignedCert;
        return false;
    }

    strncpy(selfSignedCert->issuer.country, "AU", CTC_NAME_SIZE);
    strncpy(selfSignedCert->issuer.state, "WA", CTC_NAME_SIZE);
    strncpy(selfSignedCert->issuer.locality, "Perth", CTC_NAME_SIZE);
    strncpy(selfSignedCert->issuer.org, "Test Org", CTC_NAME_SIZE);
    strncpy(selfSignedCert->issuer.unit, "Support", CTC_NAME_SIZE);
    strncpy(selfSignedCert->issuer.commonName, "test.com", CTC_NAME_SIZE);
    strncpy(selfSignedCert->issuer.email, "wolfssl@test.com", CTC_NAME_SIZE);

    RNG    rng;
    int    ret;
    ret = wc_InitRng(&rng);
    if (ret != 0)
    {
        return false;
    }

    selfSignedPrivateKey = new RsaKey();
    ret = wc_InitRsaKey(selfSignedPrivateKey, 0);
    if (ret != 0)
    {
        delete selfSignedPrivateKey;
        selfSignedPrivateKey = NULL;
        wc_FreeRng(&rng);
        return false;
    }
    ret = wc_MakeRsaKey(selfSignedPrivateKey, 2048, 65537, &rng);
    if (ret != 0)
    {
        delete selfSignedPrivateKey;
        selfSignedPrivateKey = NULL;
        wc_FreeRng(&rng);
        return false;
    }

    derSelfSignedCert = new byte[DER_BUF_LEN];
    int derSelfSignedCertLength = wc_MakeSelfCert(selfSignedCert, derSelfSignedCert, DER_BUF_LEN, selfSignedPrivateKey, &rng);
    if (derSelfSignedCertLength < 0)
    {
        wc_FreeRng(&rng);
        return false;
    }

    wc_FreeRng(&rng);
    derPrivateKey = new byte[DER_BUF_LEN];
    int  derPrivateKeyLength = wc_RsaKeyToDer(selfSignedPrivateKey, derPrivateKey, DER_BUF_LEN);
    if (derPrivateKeyLength < 0)
    {
        /* derSz contains error */;
        delete derPrivateKey;
        derPrivateKey = NULL;
        return false;
    }

    //--------------------

    /* convert cert from DER to internal WOLFSSL_X509 struct */
    //WOLFSSL_X509* x509cert = wolfSSL_X509_d2i(NULL, derSelfSignedCert, derSelfSignedCertLength);
    //if (x509cert == NULL)
    //{
    //    return false;
    //}

    ///* extract PUBLIC KEY from cert */
    //WOLFSSL_EVP_PKEY* pubKeyTmp = wolfSSL_X509_get_pubkey(x509cert);
    //if (pubKeyTmp == NULL)
    //{
    //    return false;
    //}
    WC_PKCS12* pkcs12 = wc_PKCS12_create("password", 8, "test.com", derPrivateKey, derPrivateKeyLength, derSelfSignedCert, derSelfSignedCertLength, NULL, PBE_SHA1_DES3, PBE_SHA1_DES3, 0, 0, 0, NULL);

    WOLFSSL_BIO* bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());

    int rc = wolfSSL_i2d_PKCS12_bio(bio, pkcs12);

    const char* pfxFilename = "C:\\temp\\sslcertificate.pfx";
    FILE* fd = fopen(pfxFilename, "w");
    if (fd != NULL)
    {
        fwrite(bio->mem_buf->data, 1, bio->mem_buf->length, fd);
        //fwrite(pkcs12->safe->data, 1, pkcs12->safe->dataSz, fd);
        fclose(fd);
    }
}

Share

Re: creating a PFX file from DER self signed cert and private key

Hi damian.slee,

In the wolfSSL bundle download there is file wolfssl-4.3.0/tests/api.c and a function test_wolfSSL_PKCS12 that shows creating a pkcs12 object (or pfx or .p12) from DER formatted certs.

Can you use that as a reference and let us know how it goes?

Thanks!

Warm Regards,

K