Over the past year we have had multiple inquiries regarding Certificate Signing Request (CSR) generation from users looking to programatically generate a CSR using wolfSSL. To better assist our users with this feature we have setup a ready-made example in our GitHub examples repository and we are adding a section about CSR functionality to the wolfSSL manual. The example mentioned can be found using the link below:
https://github.com/wolfSSL/wolfssl-examples/blob/master/certgen/csr_example.c
The new manual section will be in chapter 7: Section 7.9 “Certificate Signing Request (CSR) Generation” and is located on our website here: https://www.wolfssl.com/docs/wolfssl-manual/ch7/
Some notes on CSR’s and wolfSSL:
To configure wolfSSL for CSR generation please add these options:
./configure --enable-certreq --enable-certgen
wolfSSL can generate a CSR for a requesting party which is then be sent to a Certificate Authority for use in issuing a certificate for that party.
wolfSSL can either generate a certificate from scratch with all mandatory fields set or it can generate a CSR from scratch with optional fields excluded.
Limitation:
As some items are deemed “optional” in a CSR that are otherwise “mandatory” in a certificate, wolfSSL’s parsing engine does not yet support consuming a CSR for use in generating a certificate. The wolfSSL parsing engine strictly checks all features required in a certificate and considers them to be mandatory. Passing in a CSR that does not contain these features results in an error from the parsing engine at this time. wolfSSL does not yet have a timeline for adding the additional parsing rules to allow CSR consumption but if this is a feature you would like to see added please send the wolfSSL team a note at support@wolfssl.com so an upvote can be added on your behalf to that feature enhancement! Unique users requesting a specific feature escalates the priority of that feature so let the wolfSSL team know!
If you have any questions concerning CSR generation, feedback on the example provided, or anything else for that matter, please contact us anytime at support@wolfssl.com! Our support staff are ready, wiling, and eager to help our end users in any way they can!