Hi,
How can I create a X.509 certificate including a DSA public key but
not the DSA domain
parameters?
According to Section 2.3.2 of RFC3279 it should be possible to have
this parameters
"inherited" from the issuer.
I have the parameters in dsaparam.pem and have used to following
commands to generate a
new key, a new CA and have its certificate signed by my RootCA:
openssl gendsa -des3 -out "MyCA/ca.key" dsaparam.pem
openssl req -new -x509 -days 10000 -key "MyCA/ca.key" -out "MyCA/ca.crt"
openssl x509 -x509toreq -in "MyCA/ca.crt" -out "MyCA/ca-csr.pem"
-signkey "MyCA/ca.key"
openssl ca -config "RootCA/ca.conf" -out "MyCA-signedby-RootCA.pem" -infiles
"MyCA/ca-csr.pem"
How can I make it not include the DSA domain parameters in the certificate?
Best Regards,
Markus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
