Developer's Guide
virtual P6R::P6ERR P6R::p6IGenCerts::genCertificate (
    P6CERTRDN pDN,
    P6UINT32 numDN,
    p6ICryptoKey pPublicKey,
    p6ICryptoKey pPrivateKey,
    p6ICert pCACertificate,
    P6UINT32 secondsToExpire,
    P6CERTEXTENSION pExtensionSet,
    P6UINT32 numExtension,
    p6ICert ** pCertificate
)
pure virtual

Generate an X509 V3 certificate binding the pDN and publicKeyFile contents with a signature from the CA.

The CA is specified via the CACertFile and CAPrivateKeyFile.

This function can also be used to generate a CA's self-signed certificate. To do this, pass the CA's distinguished name in for pDN and set the CACertFile to NULL. The resulting newCertFile can then be used as the CACertFile parameter in future calls.

Creating a certificate with extensions requires that a CACertFile be available, so it is a two-step process. First, create a CA cert without any extensions, passing NULL for the CACertFile parameter. Second, create a second (and main) CA cert with extensions, using the first (and preliminary) CA cert for the CACertFile parameter.
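
The two-step bootstrap described above, as an added example that is not P6R code. The stand-in types, the `GenCerts` interface and the `FakeGen` implementation are assumptions that model only the argument rules documented on this page, so the snippet compiles without the P6R headers; `bootstrapCa` is a hypothetical helper showing which arguments are NULL in each step.

```cpp
#include <cstdint>

// Stand-ins so the example compiles without the P6R headers (assumptions, not P6R's real types).
enum Err { eOk, eInvalidArg, eUnsupported };            // subset of the documented return codes
struct Rdn  { const char* type; const char* value; };   // one entry of the distinguished name
struct Ext  { const char* oid; bool critical; };        // one V3 extension
struct Key  { int id; };
struct Cert { const Cert* issuer; uint32_t numExt; };   // issuer == nullptr means self-signed

// Hypothetical interface using the parameter order documented on this page.
struct GenCerts {
    virtual Err genCertificate(Rdn* dn, uint32_t numDN, Key* pub, Key* caPriv, Cert* ca,
                               uint32_t secs, Ext* ext, uint32_t numExt, Cert** out) = 0;
    virtual ~GenCerts() = default;
};

// Constructed fake: enforces only the documented argument rules, does no real signing.
struct FakeGen : GenCerts {
    Err genCertificate(Rdn* dn, uint32_t numDN, Key* pub, Key* caPriv, Cert* ca,
                       uint32_t secs, Ext* ext, uint32_t numExt, Cert** out) override {
        if (!dn || !pub || !caPriv || !out || numDN == 0 || secs == 0) return eInvalidArg;
        if (!ca && ext) return eUnsupported;   // V3 extensions require a CA certificate
        *out = new Cert{ca, ext ? numExt : 0u};   // caller owns the result in this fake
        return eOk;
    }
};

// Two-step CA bootstrap: preliminary self-signed cert, then the main CA cert with extensions.
Err bootstrapCa(GenCerts& g, Rdn* dn, uint32_t numDN, Key* caPub, Key* caPriv,
                uint32_t secs, Ext* ext, uint32_t numExt, Cert** prelim, Cert** mainCa) {
    *prelim = nullptr; *mainCa = nullptr;
    // Step 1: no CA certificate and no extensions, so the result is self-signed.
    Err e = g.genCertificate(dn, numDN, caPub, caPriv, nullptr, secs, nullptr, 0, prelim);
    if (e != eOk) return e;
    // Step 2: same DN and key pair, preliminary cert as the CA, extensions now allowed.
    return g.genCertificate(dn, numDN, caPub, caPriv, *prelim, secs, ext, numExt, mainCa);
}
```

Requesting extensions in a single call with no CA certificate is the case the page lists under P6R::eUnsupported, which is why the helper never passes `ext` in step 1.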

Parameters
pDN [ in ] A distinguished name defined as an array of P6CERTRDN values. The distinguished name of the subject of the certificate. For self-signed certificates this will be used for both subject and issuer.
numDN [ in ] The number of entries in the pDN array.
pPublicKey [ in ] A pointer to the p6ICryptoKey interface for the public key (either RSA or DSA) to be stored in the new certificate.
pPrivateKey [ in ] A pointer to the p6ICryptoKey interface for the private key of the CA used to sign the new certificate.
pCACertificate [ in ] The CA's certificate containing the issuer's distinguished name and public key. This parameter MUST be NULL for self-signed certificates.
secondsToExpire [ in ] The lifetime of the certificate specified in seconds.
pExtensionSet [ in ] An array of extensions to be added to the V3 certificate. This pointer can be NULL if no extensions are required.
numExtension [ in ] The number of entries in pExtensionSet.
pCertificate [ out ] Pointer to the generated certificate.
Returns
Success P6R::eOk
Failure P6R::eNotInitialized A successful call to initialize was not made before this call.
P6R::eFormatError Unrecognized values for the distinguished name (e.g., use "US" not "United States").
P6R::eInvalidArg One of the parameters is NULL, numDN is zero, or secondsToExpire is zero.
P6R::eNotFound Cannot open to read either publicKeyFile, CAPrivateKeyFile, or CACertFile.
P6R::eIoError Failure during reading either publicKeyFile, CAPrivateKeyFile, or CACertFile. Failure to write the newCertFile.
P6R::eInternalError Failed to properly sign the newly generated certificate.
P6R::eInvalidDescriptor The specified CAPrivateKeyFile is neither an RSA nor a DSA key.
P6R::eFail Failure to set the secondsToExpire value on the newly generated certificate.
P6R::eInvalidState Failure to properly assign values to the newly generated certificate.
P6R::eNoMemory Insufficient memory to generate new certificate in RAM.
P6R::eUnsupported CACertFile is NULL but pExtensionSet is non-NULL (a CA cert is required to set V3 extensions), or an unsupported extension has been passed in.