使用openssl编码实现一本自签名证书的示例

最新推荐文章于 2025-04-07 10:53:03 发布

原创最新推荐文章于 2025-04-07 10:53:03 发布 · 979 阅读

1 ·

CC 4.0 BY-SA版权

文章标签：

#null #integer

网络安全专栏收录该内容

7 篇文章

订阅专栏

本文介绍如何使用OpenSSL库创建X.509数字证书。包括设置证书版本为V3，定义序列号，设定有效时间，并从证书请求中获取主体名称及公钥等关键步骤。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

#include <openssl/conf.h>

#include <openssl/bio.h>

#include <openssl/err.h>

#include <openssl/bn.h>

#include <openssl/txt_db.h>

#include <openssl/evp.h>

#include <openssl/x509.h>

#include <openssl/x509v3.h>

#include <openssl/objects.h>

#include <openssl/pem.h>

#include <openssl/engine.h>

#include <openssl/pkcs12.h>

#include <memory.h>

#include <malloc.h>

/*版本号*/

#define MA_X509_V1 0

#define MA_X509_V2 1

#define MA_X509_V3 2

/*序列号*/

#define MA_SN 1111

X509_REQ *req = NULL;

X509_NAME *pSubjectName=NULL;

X509_NAME_ENTRY *ent=NULL;

EVP_PKEY *pNewRsaKey = NULL;

EVP_MD *digest=NULL;

void add_subject_entity(char *key, char *value)

{

int nid;

X509_NAME_ENTRY *ent;

if( (nid =OBJ_txt2nid(key)) == NID_undef )

{

printf("add_subject_entity:concert nid error");

return ;

}

ent = X509_NAME_ENTRY_create_by_NID(NULL,nid,MBSTRING_UTF8,

(unsigned char*)value,-1);

if(ent == NULL)

{

printf("add_subject_entity:create ent error");

return;

}

if(X509_NAME_add_entry(pSubjectName,ent,-1,0) != 1)

{

printf("add_subject_entity:add to subjectname error");

return;

}

return;

}

void create_req_demo()

{

req = X509_REQ_new();

pNewRsaKey = EVP_PKEY_new();

EVP_PKEY_assign_RSA(pNewRsaKey, RSA_generate_key(512,0x10001,NULL,NULL));

X509_REQ_set_pubkey(req,pNewRsaKey);

pSubjectName = X509_NAME_new();

if(pSubjectName == NULL)

{

printf("create_req_demo:create subjectname error ");

return;

}

add_subject_entity("countryName", "CN");

add_subject_entity("stateOrProvinceName", "ZJ");

add_subject_entity("localityName", "HZ");

add_subject_entity("organizationName", "zhijiang");

add_subject_entity("commonName", "piky");

if(1 != X509_REQ_set_subject_name(req,pSubjectName))

{

printf("create_req_demo:add subjectname to req error");

}

void create_cert_demo()

{

int ret = 0;

X509 *certTmp =NULL;

create_req_demo();

/*申请内存*/

certTmp = X509_new();

if (NULL == certTmp)

{

printf("内存申请失败");

return;

}

/*设置版本号:V3*/

ret = X509_set_version(certTmp, MA_X509_V3);

if (ret != 1)

{

printf("设置证书版本错误:0x%x",ret);

return;

}

/*设置序列号*/

ret = ASN1_INTEGER_set(X509_get_serialNumber(certTmp),MA_SN);

if (ret != 1)

{

printf("设置序列号错误:0x%x", ret);

return;

}

/*设置开始时间*/

if(!X509_gmtime_adj(X509_get_notBefore(certTmp),0))

{

printf("设置开始时间失败:0x%x", ret);

return;

}

if (!X509_gmtime_adj(X509_get_notAfter(certTmp), (long)60*60*24*10))

{

printf("设置结束时间失败");

}

if (!X509_set_subject_name(certTmp, X509_REQ_get_subject_name(req)))

{

printf("设置请求失败");

}

EVP_PKEY *tmppkey = X509_REQ_get_pubkey(req);

if (!tmppkey || !X509_set_pubkey(certTmp,tmppkey))

{

EVP_PKEY_free(tmppkey);

printf("设置公钥失败");

}

EVP_PKEY_free(tmppkey);

X509_NAME *pName=X509_NAME_new();

pName = X509_REQ_get_subject_name(req);

if (!X509_set_issuer_name(certTmp, pName))

{

printf("设置签发者名字失败");

}

//digest = EVP_sha1();

X509_sign(certTmp, pNewRsaKey, EVP_sha1());

BIO *pbio;

pbio = BIO_new(BIO_s_mem());

PEM_write_bio_X509(pbio,certTmp);

BUF_MEM * bptr;

BIO_get_mem_ptr(pbio,&bptr);

char *buf = (char *)malloc(bptr->length);

if(NULL == buf)

{

printf("malloc error");

return;

}

memcpy(buf, bptr->data, bptr->length);

printf("%s ", buf);

}

int main(int argc, char* argv[])

{

create_cert_demo();

return 0;

}