Topic: Generate certificate from certificate request

Hi,

I am trying to code an certificate generator so that it I can sign an certificate request with an CA key.

I did find a lot of examples on how to create a certificate with both the keys of requester and issuer but I do not have the key file of the requester only an certificate or an request for an certificate.

So, I have seen that it is possible to create certificate requests with MakeCertReq() but how do you use the request for creating an certificate?

With openssl you would do this e.g.:
openssl x509 -req -in server-request.pem -days 1000
   -sha1 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01
                                             > server-cert.pem

Kind regards,

Jori

Share

Re: Generate certificate from certificate request

Hi Jori,

After you've created a CSR with wc_MakeCertReq(), you can call wc_SignCert() to sign it with a CA key.  See <wolfssl_root>/wolfcrypt/test/test.c for an example.

Best Regards,
Chris

Re: Generate certificate from certificate request

Hi chrisc,

Thank you for your reply, I will try it out. Is it also possible to load an CSR from a file?

Kind regards,

Jori

Share

Re: Generate certificate from certificate request

Hi,

I have managed to generate the certificate request but I have not yet managed to parse them in order to generate an certificate.

I am currently trying this:

InitDecodedCert(&certDecode, tmp, (word32)bytes, 0);
   ret = ParseCert(&certDecode, CERTREQ_TYPE, NO_VERIFY, 0);

And it produces an -144 error, ASN object id error, invalid id.

So I am not doing it right probably... . I have also tested the type used in the examples CA_TYPE and VERIFY setting and always the same error.

I have also checked the certificate request with openssl via:

openssl req -in test_req.pem -noout -text

And it produces the output attached to this post, with no complaints. And I can also use the produced request to generate a certificate.

Kind regards,

Jori Winderickx

Post's attachments

Analyse_CSR.png
Analyse_CSR.png 35.92 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

Share

5 (edited by adarshr.r6 2022-01-23 03:22:18)

Re: Generate certificate from certificate request

Hi,

were you able to resolve this issue ? (-144 error, ASN object id error, invalid id) .I have been stuck with this  issue for some days. Could you please let me know the solution,If you have managed to resolve it ?

Share

Re: Generate certificate from certificate request

To my great regret, I am adding to the previous comment. The problem is the same, I don't know how to solve it. sad

Share

Re: Generate certificate from certificate request

@adarshr.r6 and @SheilaLyons

We have some excellent CSR examples here:
https://github.com/wolfSSL/wolfssl-exam … er/certgen

If you still have questions, please feel free to email support@wolfssl.com to open a ticket.