On Wed, Jun 06, 2007, Chaz. wrote: > I have a need to create X509 Requests that will be authenticated by an > external CA. In creating the request do I need to sign it? >
You need to use the private key corresponding to the public key in the request. > I also have seen something strange that I am trying to figure out. In > the request I place a 'subjectAltName' extension. If I convert the > request to a string and display it I can see the extension. After I sign > it the subjectAltName extension doesn't show up again. Is this to be > expected? > You have to encode the correct structure. In requests there is a special attribute called "request extensions" which contains all the requested extensions. Check out: demos/x509/mkreq.c Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
