I have a C/C++ application and I need to create a X509 pem certificate containing both a public and private key. The certificate can be self signed, or unsigned, doesn't matter.
I want to do this inside an app, not from command line.
What OpenSSL functions will do this for me? Any sample code is a bonus!
Any chance of doing this via a system call from within your app? Several good reasons for doing this:
Licensing: Calling the openssl executable arguably separates it from your application and may provide certain advantages. Disclaimer: consult a lawyer on this.
Documentation: OpenSSL comes with phenomenal command-line documentation that greatly simplifies a potentially complicated tool.
Testability: you can exercise OpenSSL from the command line until you understand exactly how to create your certs. There are a lot of options; expect to spend about a day on this until you get all the details right. After that, it's trivial to incorporate the command into your app.
If you choose to use the API, check the openssl-dev developers' list on www.openssl.org.
Good luck!
I think you'll need to familiarize yourself with the terminology and mechanisms first. An X.509 certificate, by definition, does not include a private key. Instead, it is a CA-signed version of the public key (along with any attributes the CA puts into the signature). The PEM format really only supports separate storage of the key and the certificate - although you can then concatenate the two.
In any case, you'll need to invoke 20+ different functions of the OpenSSL API to create a key and a self-signed certificate. An example is in the OpenSSL source itself, in demos/x509/mkcert.c