1 Topic by JhihPing (edited by JhihPing 2014-07-20 06:25:23)

  • Registered: 2014-07-17
  • Posts: 1

Topic: How to generate a CA with extensions include the key id?

Hi,

When I use "test.c" to generate a CA, the .PEM files doesn't have "Subject Key Identifier" and "Authority Key Identifier" options in extensions.

And I trace the code to discover below:
EncodeCert(...) in asn.c:

   /* CA */
    if (cert->isCA) {
        der->caSz = SetCa(der->ca);
        if (der->caSz == 0)
            return CA_TRUE_E;
    }
    else
        der->caSz = 0;

    /* extensions, just CA now */
    if (cert->isCA) {
        der->extensionsSz = SetExtensions(der->extensions,
                                          der->ca, der->caSz, TRUE);
        if (der->extensionsSz == 0)
            return EXTENSIONS_E;
    }
    else
        der->extensionsSz = 0;

I can't find about this feature. I want to generate a CA that is similar with "ca-cert.pem" and "server-cert.pem". Could you help me how to make a CA with "Subject Key Identifier" and "Authority Key Identifier" options?

Thanks.

BR,
JhihPing

Share

  • From: Bozeman, MT
  • Registered: 2010-10-20
  • Posts: 647

Re: How to generate a CA with extensions include the key id?

Hi JhihPing,

Our certificate generation functionality doesn't currently support adding Subject Key Identifier or Authority Key Identifier options yet.  How important is this functionality for you?

Thanks,
Chris

https://www.wolfssl.com

chrisc's Website

Share