On Dec 2, 6:26 pm, Robert Relyea <rrel...@redhat.com> wrote:
> On 12/02/2011 07:46 AM, passfree wrote:
> > I am writing an experimental tool and I need to generate an SSL server
> > on the fly. Needless to say, NSS seems like the perfect choice but
> > here is where I am stuck.
> >
> > SSL_ConfigSecureServer expects a cert, a key and a type. I've tried to
> > look into certutil to see how these are generated but I find it really
> > confusing. Can someone point me towards the right direction how to
> > make this stuff in memory without the need to use certutil?
>
> Cert generation needs more than just certutil. You'll need to attach to
> some CA and have it sign your certificate. You may want to look at
> dogtag (an open source CA).
>
> For testing, you can look at the examples in the NSS tests:
> mozilla/security/nss/tests/cert/certs.sh for how to generate cert chains
> and keys in certutil.
>
> > I just need to generate a random CERTCertificate, the corresponding
> > SECKEYPrivateKey. I can get the type myself.
> >
> > Your help is much appreciated.
>
> If you want to do that programmatically, look at certutil's code for
> generating a cert request. That will give you a private key and a
> corresponding cert request to send to a CA. The API for talking to a CA
> is CA specific, but the CA will take your cert request along with your
> authorization info (specific to the CA), the CA will return a DER cert.
> You can then call CERT_NewTempCertificate() on the blob to get a
> CERTCertificate(), then call PK11_ImportCertForKey() on the
> CERTCertificate() so the NSS will pair it up with the already existing
> private key (NSS will automatically find the private key).
>
> bob

Is it possible to start NSS_Init without creating dbs? I guess what I
am asking is if I can have all of this in memory rather than on disc. I
need to create a self-contained executable.

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto