I'm writing an openssl-based app that uses client and server certs, generated using a private root CA. Each client has its own cert and private key.
For ease of deployment, I'm combining the private key and public cert into a single file, i.e.:

    $ cat client.key client.crt > client.privcrt

Then in the client app, doing:

    SSL_CTX_use_certificate_chain_file(ctx, "client.privcrt");
    SSL_CTX_use_PrivateKey_file(ctx, "client.privcrt", SSL_FILETYPE_PEM);

My questions are:

1) is this a reasonable thing to do?
2) if so, is there a standard suffix for the file, rather than .privcrt which I chose at random?
3) Is there any way to generate this file officially? Catting the two files together seems like a hack.

I'm generating the two files using:

    $ openssl genrsa -out client.key 4096
    $ openssl req -new -key client.key -out client.csr ....
    $ openssl x509 -req -days NNNN -in client.csr \
        -CA rootca.crt -CAkey rootca.key -set_serial 01 -out client.crt

--
My Dad used to say 'always fight fire with fire', which is probably why he got thrown out of the fire brigade.
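Added example, not part of the original post: one way to build the combined key-plus-certificate file so that it is never readable by group or other, and to confirm afterwards that the private key in it matches the certificate in it. The function names and file names are assumptions of this example; it uses only the openssl command line.

```shell
#!/bin/sh
# Added example. make_bundle and check_bundle are hypothetical helper names.

# make_bundle KEY CERT OUT
# Write the private key followed by the certificate into OUT. The umask
# makes a new file owner-only from the moment it is created; the chmod
# covers the case where OUT already existed with looser permissions.
make_bundle() {
    ( umask 077 && cat "$1" "$2" > "$3" ) && chmod 600 "$3"
}

# check_bundle FILE
# Succeed only if FILE grants nothing to group/other and the public key
# derived from its private key equals the public key in its first
# certificate. Only public key material is held in shell variables.
check_bundle() {
    f=$1
    [ -f "$f" ] || { echo "$f: not a regular file" >&2; return 1; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$f" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "$f: accessible by group/other" >&2; return 1; }

    from_key=$(openssl pkey -in "$f" -pubout 2>/dev/null) || return 1
    from_crt=$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_crt" ]
}

# Stand-alone use: sh bundle.sh client.key client.crt client.pem
if [ "$#" -eq 3 ]; then
    make_bundle "$1" "$2" "$3" && check_bundle "$3" && echo "$3: ok"
fi
```

The key check catches a bundle assembled from files belonging to different clients before it is deployed.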