On 5/3/07, Janet N <[EMAIL PROTECTED]> wrote:
> Hi Kyle,
> Thanks for the prompt response.
> But I think my problem is my project doesn't want to produce the public key
> from openssl rsa command, because we need to get the public key in the rsa
> PEM format at the time when we issued the certificate and upload it to our
> production database.

Why do you need to get the public key at the time the certificate is
issued? You already have it.

You don't have, in the words of your original email, "a public key
from the CA", you have "the public key returned to you with a
signature from the CA after you sent it to the CA".

The CA can extract the public key from the certificate request.
The certificate contains the public key.

But you already have the public key, since you sent the certificate
request in the first place, and you have the private key that the
public key was generated with.

> And the CA doesn't have a copy of the user private key
> to generate this openssl rsa public key.

Right, but the RSA public key is part of the certificate signing
request. The only way it can be there is for you to have it in the
first place.

> So we need somehow to be able to
> get the rsa public key from the user certificate.

This does not follow, since without the private key, the user
certificate cannot be used for authentication anyway, and the public
key is similarly useless.

But, you could try:

$ openssl x509 -inform PEM -in file.pem -x509toreq -out file.csr
$ openssl req -in file.csr -pubkey -noout

(the '-noout' can be replaced with '-outform pem -out publickey.pem'
if you need it to go to a file.)

-Kyle H
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
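
The point made in the reply above, as an added example that is not part of the original message: the same public key sits in the user's private key file, in the certificate request and in the certificate the CA issues, and on the CA side it can be read from the request or the certificate without the user's private key. The throwaway CA, subject names and file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. All keys, names and file names below are constructed.

# Build a throwaway CA plus a user key, CSR and CA-signed certificate in "$1".
issue_demo_cert() {
    dir=$1
    # Throwaway self-signed CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # User side: the private key stays with the user; only the CSR is sent.
    openssl genrsa -out "$dir/user.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$dir/user.key" -subj "/CN=constructed-user" \
        -out "$dir/user.csr" 2>/dev/null || return 1
    # CA side: sign using only the CSR and the CA's own key.
    openssl x509 -req -in "$dir/user.csr" -days 1 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/user.crt" 2>/dev/null || return 1
}

# Each prints the public key as a "-----BEGIN PUBLIC KEY-----" PEM block.
pubkey_from_key()  { openssl pkey -in "$1" -pubout; }        # needs the private key
pubkey_from_csr()  { openssl req  -in "$1" -pubkey -noout; } # no private key needed
pubkey_from_cert() { openssl x509 -in "$1" -pubkey -noout; } # no private key needed

# Succeeds when key ($1), CSR ($2) and certificate ($3) carry the same public key.
same_pubkey() {
    k=$(pubkey_from_key "$1") || return 1
    [ "$k" = "$(pubkey_from_csr "$2")" ] && [ "$k" = "$(pubkey_from_cert "$3")" ]
}

d=$(mktemp -d) || exit 1
if issue_demo_cert "$d" && same_pubkey "$d/user.key" "$d/user.csr" "$d/user.crt"; then
    echo "key, CSR and certificate carry the same public key:"
    pubkey_from_cert "$d/user.crt"
fi
rm -rf "$d"
```

Running `same_pubkey` against a production key, request and certificate is also a quick check that the CA issued the certificate for the key that was actually submitted.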