Silviu VLASCEANU wrote:
Hi,
Sorry to bother again, but I still haven't found how to add the
Authority Key ID to a certificate, using openssl.
Please, I need some help with this. The details are below.
Thank you in advance,
--
Silviu
2008/9/3 Silviu VLASCEANU <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>
Hello everybody,
I need to copy the Subject Key ID (SKID) from the CA certificate
to the Authority Key ID (AKID) of a new certificate.
I have extracted the SKID with
AUTHORITY_KEYID *akid = X509_get_ext_d2i(ca_cert,
NID_subject_key_identifier, NULL, NULL);
How can I "put" akid in an X509_EXTENSION so that I can add the
latter to a new certificate with X509_add_ext(x, ex_akid, -1) ?
Thanks a lot,
--
Silviu
In my case, i set aki to this string :
"issuer:always,keyid:always".
It will display :
keyid:[...] // the subject key id (keyid of isser)
DirName:[...] // the dn of issuer's issuer)
serial:[...] // the serail of issuer' issuer.
To set this aki, i use this code :
X509V3_CTX ctx; // create a context
X509V3_set_ctx(&ctx, issuer , son, NULL, NULL, 0);
X509_EXTENSION* ex = X509V3_EXT_conf_nid(NULL, &ctx,
NID_authority_key_identifier , (char*)"issuer:always,keyid:always"));
X509_add_ext( son,ex, -1);
with X509* issuer, * son;
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
