X509_get_X509_PUBKEY() returns an internal pointer to the X509_PUBKEY structure which encodes the certificate of x. The returned value must not be freed up after use.
X509_set_pubkey() attempts to set the public key for certificate x to pkey. The key pkey should be freed up after use.
X509_get_subject_name() returns the subject name of certificate x. The returned value is an internal pointer which MUST NOT be freed.
X509_set_subject_name() sets the issuer name of certificate x to name. The name parameter is copied internally and should be freed up when it is no longer needed.
I'm attempting to use Mbed TLS in place of OpenSSL. I was hoping someone could help me generate equivalent commands using Mbed TLS using cert_write.c as they compare to the following OpenSSL commands:
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
openssl x509 -req -in verificationCert.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out verificationCert.pem -days 500 -sha256
I've reviewed the following topics and understand these comparisons; I'm just missing the generation of the various forms of the CA, which aren't necessarily covered in these documents: 'How to generate a self-signed certificate', 'How to generate a Certificate Request (CSR)', 'RSA Key Pair generator'
Specifically, I am attempting to emulate the process in the link below using Mbed TLS instead of OpenSSL. I will be attempting the Automatic/Just-in-Time Registration for Device Certificates and am already using Mbed TLS on my device: http://docs.aws.amazon.com/iot/latest/developerguide/device-certs-your-own.html#register-CA-cert
Thanks for any help people can offer.
I am not sure what you think is missing. You will need a CA root certificate to generate a device certificate.
In https://tls.mbed.org/kb/how-to/generate-a-self-signed-certificate it explains how to generate the self-signed certificate as a CA certificate, using
You can find an example for a CA certificate in certs.c for the test CA certificate used in mbed TLS examples.
I hope this hint helps
mbed TLS Team member
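The flow from the question, as an added example that is not part of the original thread: the two OpenSSL commands run unattended, followed by checks that look only at the resulting PEM files. The same check_chain function can therefore be pointed at a root and a signed certificate written by Mbed TLS cert_write, assuming PEM output. The subject names, the key and CSR creation steps and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Subject names and the temporary directory are constructed
# placeholders; key and CSR creation are added so the flow runs unattended.

# The two commands from the question, with -subj so nothing prompts.
make_chain() {
    dir=$1
    openssl genrsa -out "$dir/rootCA.key" 2048 2>/dev/null &&
    openssl req -x509 -new -nodes -key "$dir/rootCA.key" -sha256 -days 1024 \
        -subj "/CN=example-root" -out "$dir/rootCA.pem" &&
    openssl genrsa -out "$dir/verificationCert.key" 2048 2>/dev/null &&
    openssl req -new -key "$dir/verificationCert.key" \
        -subj "/CN=example-verification" -out "$dir/verificationCert.csr" &&
    openssl x509 -req -in "$dir/verificationCert.csr" -CA "$dir/rootCA.pem" \
        -CAkey "$dir/rootCA.key" -CAcreateserial -days 500 -sha256 \
        -out "$dir/verificationCert.pem" 2>/dev/null
}

# Tool-independent checks on the resulting PEM files.
check_chain() {
    root=$1
    leaf=$2
    subj=$(openssl x509 -in "$root" -noout -subject | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$root" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$issr" ] || { echo "root is not self-issued"; return 1; }
    openssl x509 -in "$root" -noout -text | grep -q 'CA:TRUE' ||
        { echo "root lacks basicConstraints CA:TRUE"; return 1; }
    openssl verify -CAfile "$root" "$leaf" >/dev/null 2>&1 ||
        { echo "leaf does not verify against root"; return 1; }
    openssl x509 -in "$leaf" -noout -text |
        grep -q 'Signature Algorithm: sha256' ||
        { echo "leaf is not signed with SHA-256"; return 1; }
    echo ok
}

work=$(mktemp -d)
make_chain "$work" && check_chain "$work/rootCA.pem" "$work/verificationCert.pem"
```

The first failing check is printed and the function returns non-zero, so it can gate a provisioning script before a CA certificate is registered.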
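X509_get_pubkey() attempts to decode the public key for certificate x and returns it as an EVP_PKEY pointer with its reference count incremented, so the returned key must be freed up after use. X509_get0_pubkey() is similar except it does not increment the reference count of the returned EVP_PKEY, so it must not be freed up after use.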
X509_get_X509_PUBKEY() returns an internal pointer to the X509_PUBKEY structure which encodes the certificate of x. The returned value must not be freed up after use.
X509_set_pubkey() attempts to set the public key for certificate x to pkey. The key pkey should be freed up after use.
X509_REQ_get_pubkey(), X509_REQ_get0_pubkey(), X509_REQ_set_pubkey() and X509_REQ_get_X509_PUBKEY() are similar but operate on certificate request req.