On 2009.05.19 at 15:24:43 +0530, naveen.bn wrote: > Thank you . > > Can i include the public key generated below to a certificate and if > possible how can it be done. > > openssl rsa -pubout -in priv.pem -out pub.pem
I think there is no easy way to do it. Certificates are typically generated from CSRs. CSR, besides public key, include key owner name (subject) and may be some extension. And it also have to include proof of posession - some means to ensure that person submitting request really posess private part of this keypair. It is typically done by signing CSR with private key. It also guarantees that request haven't been modified during transmission - CA checks signature under CSR using public key from this CSR, and process request only if it is valid. So, usially you need private key to create CSR. But really, there is nothing impossible. When constructing certificate CA needs to take request apart, build certificate structure from these parsts (adding it's own issuer info and validity dates) and sign it with CA key. It is all done using OpenSSL library API. So, nothing prevents you from looking into source code of openssl req utility, which manages certificate requests and certificates, and write your own program which would create certificate from public key and textual information about certificate owner, and sign it with some other (CA) private key. Validation of the fact that this public key really belongs to person/server which data you put into subject field would be than your responsibility. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
