
List:       openssl-users
Subject:    Re: Signing an already existing certificate
From:       Dr Stephen Henson <drh () celocom ! com>
Date:       1999-07-30 10:46:37

Julio Sánchez Fernández wrote:
> 
> If I do openssl x509 -x509toreq, I need a private key.  However,
> function X509_to_X509_REQ allows the pkey argument to be NULL.
> 
> Why do I need this?  Can I just modify x509.c not to insist on
> finding the private key?
> 

The private key is needed to sign the certificate request.

If the private key is absent then the signature on the certificate
request will be invalid. Some software might tolerate an invalid
signature on a certificate request, but they shouldn't.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: shenson@drh-consultancy.demon.co.uk 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: drh@celocom.com PGP key: via homepage.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org
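
An added example, not part of the original message and not OpenSSL's own code: a shell check that a certificate request's self-signature verifies, run on a request produced by `x509 -x509toreq` with the matching private key and on a copy with one signature byte changed. The function names `csr_sig_ok` and `make_samples`, the throwaway EC key and the subject are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.

# csr_sig_ok FILE [PEM|DER]: succeed only if the request's self-signature
# verifies against the public key carried in the request.
csr_sig_ok() {
    # Check the printed result: some openssl versions exit 0 on a failed verify.
    openssl req -in "$1" -inform "${2:-PEM}" -verify -noout 2>&1 |
        grep -q "verify OK"
}

# make_samples DIR: write good.pem (request made from a certificate with the
# matching private key) and bad.der (same request, last signature byte changed).
make_samples() {
    d=$1
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/key.pem" &&
    openssl req -new -x509 -key "$d/key.pem" -subj "/CN=constructed.example" \
        -days 1 -out "$d/cert.pem" &&
    openssl x509 -x509toreq -in "$d/cert.pem" -signkey "$d/key.pem" \
        -out "$d/good.pem" &&
    openssl req -in "$d/good.pem" -outform DER -out "$d/good.der" || return 1
    # The signature BIT STRING is the last field of the DER request, so the
    # final byte of the file belongs to the signature.
    size=$(wc -c < "$d/good.der")
    last=$(tail -c 1 "$d/good.der" | od -An -tu1 | tr -d ' ')
    head -c $((size - 1)) "$d/good.der" > "$d/bad.der"
    printf "\\$(printf '%03o' $((last ^ 1)))" >> "$d/bad.der"
}

tmp=$(mktemp -d) && make_samples "$tmp" || exit 1
for f in "$tmp/good.pem:PEM" "$tmp/bad.der:DER"; do
    if csr_sig_ok "${f%:*}" "${f##*:}"; then
        echo "${f%:*}: signature valid"
    else
        echo "${f%:*}: signature INVALID, reject"
    fi
done
rm -rf "$tmp"
```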
