1 Reply by Jori

(6 replies, posted in wolfCrypt)

Hi,

I have managed to generate the certificate request but I have not yet managed to parse them in order to generate an certificate.

I am currently trying this:

InitDecodedCert(&certDecode, tmp, (word32)bytes, 0);
   ret = ParseCert(&certDecode, CERTREQ_TYPE, NO_VERIFY, 0);

And it produces an -144 error, ASN object id error, invalid id.

So I am not doing it right probably... . I have also tested the type used in the examples CA_TYPE and VERIFY setting and always the same error.

I have also checked the certificate request with openssl via:

openssl req -in test_req.pem -noout -text

And it produces the output attached to this post, with no complaints. And I can also use the produced request to generate a certificate.

Kind regards,

Jori Winderickx

Go to forum: wolfCrypt

2 Reply by Jori

(6 replies, posted in wolfCrypt)

Hi chrisc,

Thank you for your reply, I will try it out. Is it also possible to load an CSR from a file?

Kind regards,

Jori

Go to forum: wolfCrypt

3 Topic by Jori

(6 replies, posted in wolfCrypt)

Hi,

I am trying to code an certificate generator so that it I can sign an certificate request with an CA key.

I did find a lot of examples on how to create a certificate with both the keys of requester and issuer but I do not have the key file of the requester only an certificate or an request for an certificate.

So, I have seen that it is possible to create certificate requests with MakeCertReq() but how do you use the request for creating an certificate?

With openssl you would do this e.g.:
openssl x509 -req -in server-request.pem -days 1000
   -sha1 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01
                                             > server-cert.pem

Kind regards,

Jori

Go to forum: wolfCrypt