x509newcrt
Purpose
Synopsis
function x509newcrt(x509:string, kfile:string, info:array(string) of text):integer
Arguments
x509 | Certificate file to create (PEM format)
kfile | File containing the private key
info | Array describing the certificate properties
Return value
0 if successful, or -1 in case of an error.
Example
The following example creates a certificate that is valid for 3 years, using a new RSA key:
 info("Version"):="1"
 info("Serial"):="123456789"
 info("Duration"):=text(365*3)
 info("C"):="FR"
 info("O"):="My Company"
 info("CN"):="www.mycomp.com"
 if RSAgenkey(1024,"srv.key")<=0 then
  writeln("Failed to create RSA key")
 elif x509newcrt("srv.crt","srv.key",info)<>0 then
  writeln("Failed to create certificate")
 end-if
Further information
1. This function creates a self-signed X509 certificate. Such a certificate can be used to run an HTTPS server but clients of such a server have to disable server certificate verification (see https_trustsrv) or include this certificate in their trusted certificate file (see https_cacerts).
2. The routine expects an array with indices defining the following entries (a default value applies if the entry is missing):
Version | Format version of the certificate (default: 1)
Serial | Serial number (default: 1)
Duration | Validity (in days) from the current date (default: 365)
C | Country code (default: system country or 'EU')
O | Organisation name (default: anonymous)
CN | Common Name (typically the host name to authenticate, default: localhost)
The entries C, O and CN are used to generate the Issuer and Subject records of the certificate. The provided key is used both as the certificate key (using the public part of the key) and as the signing key.
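The properties described in notes 1 and 2 can be checked from the command line; the following is an added example, not part of the original documentation. It assumes the openssl command-line tool is installed; the function names are made up for this example, and make_sample builds a constructed stand-in for srv.crt/srv.key with a 2048-bit key instead of calling x509newcrt.

```shell
#!/bin/sh
# Added example: checks on a self-signed certificate such as srv.crt.

# Constructed sample input: an OpenSSL-built stand-in for the srv.crt/srv.key
# pair of the example above (same C/O/CN, serial and 3-year validity).
# Assumption: 2048-bit RSA key here, not the 1024 bits of the Mosel example.
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes \
    -keyout "$1/srv.key" -out "$1/srv.crt" \
    -days 1095 -set_serial 123456789 \
    -subj "/C=FR/O=My Company/CN=www.mycomp.com" 2>/dev/null
}

# Succeeds when the Issuer and Subject names are identical.
is_self_issued() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Succeeds when the certificate chains to a default trust anchor.
# Expected to fail for a self-signed certificate.
verifies_by_default() {
  openssl verify "$1" >/dev/null 2>&1
}

# Succeeds when the certificate is accepted with itself as the only trusted
# certificate file (the "trusted certificate file" option of note 1).
verifies_when_pinned() {
  openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Succeeds when the private key file ($2) holds the key pair whose public
# part is embedded in the certificate ($1).
key_matches_cert() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
    "$(openssl pkey -in "$2" -pubout)" ]
}

# Optional report when called as: script.sh srv.crt srv.key
if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then
  is_self_issued "$1"       && echo "issuer equals subject"
  verifies_by_default "$1"  || echo "rejected without explicit trust"
  verifies_when_pinned "$1" && echo "accepted when listed as trusted"
  key_matches_cert "$1" "$2" && echo "key file matches certificate"
  openssl x509 -in "$1" -noout -dates
fi
```

Listing the certificate as trusted keeps verification enabled on the client, whereas disabling verification accepts any server certificate.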
Related topics
Module