News  [SoftwareSite

Latest News
Older News
RSS Feed
 
Complete Projects
Useful Classes
Top Downloads
Message Board
AllAPI.net
 
Send Comments
Software License
Mentalis.org Buttons
Donate
 
Forums -> Security Library Forum
 
create certificates  
by Alex [gnauck at ag-software dot de]
posted on 2003/10/28

Hello,

im fighting for 2 days now with openSSL. But i cant create SSL certificates that work correct. Could somebody explain me which kind of certifiates are the best for the security lib and how to create them.

Alex

by Pieter Philippaerts [Pieter at mentalis dot org]
posted on 2003/10/28

OpenSSL as well as the Windows CryptoAPI all use the same type of certificates, namely X509.3. The question should be: how are these certificates stored on disk? There are several file types that can store X509 certificates. OpenSSL uses PEM files and can optionally convert them to PFX files. The CryptoAPI supports PFX and DER files.

The easiest thing to do is to use OpenSSL to generate a certificate [which is stored as a PEM file] and then convert it to a PFX file. Once you have the PFX file, you can import it in our library using the CertificateStore.CreateFromPfxFile method.

You can convert PEM files to PFX files with the following command:
openssl pkcs12 -export -in certificate.pem -inkey key.pem -out
certificate.pfx -name "My Certificate"

Here's some more information about the OpenSSL pkcs12 utility: http://www.mkssoftware.com/docs/man1/openssl_pkcs12.1.asp

by Alex [gnauck at ag-software dot de]
posted on 2003/10/29

Thanx a lot, i will try this

Alex

by Alexander Gnauck [gnauck at ag-software dot de]
posted on 2003/11/01

Hi,

with your hep i got the certificate stuff working now. Why do i need the password when i load from the pfxFile? Is there another way to use a certificates without password.

Alex

by Pieter Philippaerts [Pieter at mentalis dot org]
posted on 2003/11/03

The private keys of certificates are usually protected by a password. You can set the password to an empty string, of course, but if someone gets his hands on your PFX file, it'll compromise the private key.

You can install a certificate and its private key in a CertificateStore. A CertificateStore is basically a database of certificates. You do not need a password to open certificates from a certificate store.

 

Copyright © 2002-2007, The Mentalis.org Team. All rights reserved.
This site is located at http://www.mentalis.org/
Send comments to the webmaster.