sign the auto gen cert
Posted: Wed Apr 07, 2021 12:45 pm
How do I use my own CA to sign the auto-generated certificate? I want to upload my own CA to the module, and every time I call the function SSL_CreateNewSelfSignedCert(), use that CA to sign the cert instead of generating a new cert that has the same subject and issuer.
Right now when the device boots up, it will check the common name of the cert against the IP address. If they don't match, a new cert will be generated.
This is good, but since it's a new self-signed cert, I will have to install it into the Windows certificate store in order for it to work. This is not very ideal to do every time the IP address changes. If I can use the CA to sign the cert, it will be perfect. In that case I will only need to trust the CA once.
I tried to make a new function based on SSL_CreateNewSelfSignedCert(). I see there are a few functions in the wolfSSL library I can use, but I just don't know how to use them correctly without the instructions/comments.
Referring to these functions in C:\nburn\include\crypto\wolfssl\wolfcrypt\asn_public.h:
WOLFSSL_API int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz,
int keyType, void* key, WC_RNG* rng);
WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
ecc_key*, WC_RNG*);
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_API int wc_MakeCertReq_ex(Cert*, byte* derBuffer, word32 derSz,
int, void*);
WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz,
RsaKey*, ecc_key*);
#endif
WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buffer,
word32 buffSz, int keyType, void* key,
WC_RNG* rng);
WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer,
word32 derSz, RsaKey*, ecc_key*, WC_RNG*);