Hello, Thank you, it works like a charm. Just have to solve the date problem, now.
- Emmanuel Marek Marcola wrote: > Hello, > > >>In the issuer and subject fields, I must include a dnQualifier which is >>a thumbprint of the corresponding public key, that is to say a SHA-1 >>hash of the contents of the SubjectPublicKey BIT STRING in the >>SubjectPublicKeyInfo field (excluding the DER tag, length, and number of >>unused bits count in the DER header for the BIT STRING). >>How can I do that? > > It is not very complicated. > Suppose you have Certificate Signing Request file (say req.pem). > You should first extract public key to some file: > $ openssl req -in req.pem -pubkey -noout > req_pub_key.pem > Next from this pub key you should extract ASN.1 SEQUENCE of INTEGER n > and INTEGER e. > To display: > $ openssl asn1parse -in req_pub_key.pem > 0:d=0 hl=3 l= 159 cons: SEQUENCE > 3:d=1 hl=2 l= 13 cons: SEQUENCE > 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption > 16:d=2 hl=2 l= 0 prim: NULL > 18:d=1 hl=3 l= 141 prim: BIT STRING > $ openssl asn1parse -in req_pub_key.pem -strparse 18 > 0:d=0 hl=3 l= 137 cons: SEQUENCE > 3:d=1 hl=3 l= 129 prim: INTEGER :E3295A7F558C3D78D3 ... > 135:d=1 hl=2 l= 3 prim: INTEGER :010001 > and to save in DER format: > $ openssl asn1parse -in req_pub_key.pem -strparse 18 -noout \ > -out pub_key.der > $ openssl asn1parse -in pub_key.der -inform DER > 0:d=0 hl=3 l= 137 cons: SEQUENCE > 3:d=1 hl=3 l= 129 prim: INTEGER :E3295A7F558C3D78D3 ... > 135:d=1 hl=2 l= 3 prim: INTEGER :010001 > and you should make digest of this file: > $ cat pub_key.der | openssl dgst -sha1 > f8aa13223180643bf899eaa6faac94c2aa7bdd73 > > Best regards, -- 165, avenue Aristide Briand 94230 Cachan Tel/fax: 01 46 63 29 28 E-mail: [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]