Right now when the device boots up, it will check the common name of the cert with the IP address. If they don't match, a new cert will generated.
This is good, but since it's a new self signed cert, I will have to install it into window certificate store in order for it to work. This is not very ideal to do for every time the IP address change. If I can use the CA to sign the cert, it will be perfect. in that case I will only need to trust the CA once.
I try to make a new function base on SSL_CreateNewSelfSignedCert(). I see there are a few functions in wolfssl library I can use, but I just don't know how to use them correctly without the instructions/comments.
referring to these functions in C:\nburn\include\crypto\wolfssl\wolfcrypt\asn_public.h
Code: Select all
WOLFSSL_API int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType, void* key, WC_RNG* rng); WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, ecc_key*, WC_RNG*); #ifdef WOLFSSL_CERT_REQ WOLFSSL_API int wc_MakeCertReq_ex(Cert*, byte* derBuffer, word32 derSz, int, void*); WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz, RsaKey*, ecc_key*); #endif WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buffer, word32 buffSz, int keyType, void* key, WC_RNG* rng); WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer, word32 derSz, RsaKey*, ecc_key*, WC_RNG*);