Hello,

Thank you, it works like a charm.
Just have to solve the date problem, now.

 - Emmanuel


Marek Marcola wrote:
> Hello,
> 
> 
>>In the issuer and subject fields, I must include a dnQualifier which is
>>a thumbprint of the corresponding public key, that is to say a SHA-1
>>hash of the contents of the SubjectPublicKey BIT STRING in the
>>SubjectPublicKeyInfo field (excluding the DER tag, length, and number of
>>unused bits count in the DER header for the BIT STRING).
>>How can I do that?
> 
> It is not very complicated.
> Suppose you have a Certificate Signing Request file (say req.pem).
> You should first extract the public key to some file:
>       $ openssl req -in req.pem -pubkey -noout > req_pub_key.pem
> Next, from this public key you should extract the ASN.1 SEQUENCE of
> INTEGER n and INTEGER e.
> To display:
>       $ openssl asn1parse -in req_pub_key.pem
>           0:d=0  hl=3 l= 159 cons: SEQUENCE
>           3:d=1  hl=2 l=  13 cons: SEQUENCE
>           5:d=2  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>          16:d=2  hl=2 l=   0 prim: NULL
>          18:d=1  hl=3 l= 141 prim: BIT STRING
>       $ openssl asn1parse -in req_pub_key.pem -strparse 18
>           0:d=0  hl=3 l= 137 cons: SEQUENCE
>           3:d=1  hl=3 l= 129 prim: INTEGER :E3295A7F558C3D78D3 ...
>         135:d=1  hl=2 l=   3 prim: INTEGER :010001
> and to save in DER format:
>       $ openssl asn1parse -in req_pub_key.pem -strparse 18 -noout \
>               -out pub_key.der
>       $ openssl asn1parse -in pub_key.der -inform DER
>           0:d=0  hl=3 l= 137 cons: SEQUENCE
>           3:d=1  hl=3 l= 129 prim: INTEGER :E3295A7F558C3D78D3 ...
>         135:d=1  hl=2 l=   3 prim: INTEGER :010001
> and you should make a digest of this file:
>       $ cat pub_key.der | openssl dgst -sha1
>       f8aa13223180643bf899eaa6faac94c2aa7bdd73
> 
> Best regards,

-- 
165, avenue Aristide Briand
94230 Cachan
Tel/fax: 01 46 63 29 28
E-mail:  [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
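
The thumbprint procedure quoted above, as an added Python example that is not part of the original thread: it walks the DER SubjectPublicKeyInfo, finds the BIT STRING itself instead of relying on offset 18, drops the unused-bits byte and hashes the rest with SHA-1. The function names, the small DER encoder and the sample modulus are constructed for illustration; the sample is not a real key.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) for the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                       # short-form length
        start, length = pos + 2, first
    else:                                  # long form: low 7 bits = count of length bytes
        n = first & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        start = pos + 2 + n
        length = int.from_bytes(buf[pos + 2:start], "big")
    if start + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, start, start + length

def spki_key_bits(spki):
    """Return (BIT STRING offset, BIT STRING contents minus the unused-bits byte)."""
    tag, start, _ = read_tlv(spki, 0)               # SubjectPublicKeyInfo SEQUENCE
    alg_tag, _, alg_end = read_tlv(spki, start)     # AlgorithmIdentifier SEQUENCE
    bs_tag, bs_start, bs_end = read_tlv(spki, alg_end)
    if (tag, alg_tag, bs_tag) != (0x30, 0x30, 0x03):
        raise ValueError("not a SubjectPublicKeyInfo")
    if bs_end == bs_start or spki[bs_start] != 0:
        raise ValueError("unexpected unused-bits count in BIT STRING")
    return alg_end, spki[bs_start + 1:bs_end]

def thumbprint(spki):
    """SHA-1 over the key bits only, as a hex digest like the one in the mail."""
    return hashlib.sha1(spki_key_bits(spki)[1]).hexdigest()

# --- constructed sample: a DER encoder and a made-up modulus, not a real key ---
def der(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def der_int(v):
    return der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def sample_spki(bits=1024):
    n = (1 << (bits - 1)) | int.from_bytes(hashlib.sha256(b"constructed").digest(), "big") | 1
    rsa_pub = der(0x30, der_int(n) + der_int(65537))   # the SEQUENCE that -strparse writes out
    alg = der(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")  # rsaEncryption, NULL
    return der(0x30, alg + der(0x03, b"\x00" + rsa_pub)), rsa_pub
```

For the constructed 1024-bit sample the BIT STRING sits at offset 18, matching the asn1parse output in the mail; with a 2048-bit modulus the outer header grows by one byte and the offset becomes 19.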