openssl ssl-certificate x509 pkix

Programmatically Create X509 Certificate using OpenSSL


I have a C/C++ application and I need to create an X509 PEM certificate containing both a public and private key. The certificate can be self-signed, or unsigned, doesn't matter.

I want to do this inside an app, not from the command line.

What OpenSSL functions will do this for me? Any sample code is a bonus!


Solution

  • You'll need to familiarize yourself with the terminology and mechanisms first.

    An X.509 certificate, by definition, does not include a private key. Instead, it is a CA-signed version of the public key (along with any attributes the CA puts into the signature). The PEM format really only supports separate storage of the key and the certificate - although you can then concatenate the two.

    In any case, you'll need to invoke 20+ different functions of the OpenSSL API to create a key and a self-signed certificate. An example is in the OpenSSL source itself, in demos/x509/mkcert.c

    For a more detailed answer, please see Nathan Osman's explanation below.