<div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif;color:#000000">I've written big chunks of a CA in both openssl and java (BouncyCastle). It has definite benefits since it can be tightly integrated into an existing infrastructure but does require a fairly deep understanding of both concepts and implementation details. The actual key management is not that hard to write once you have that basic knowledge.</div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:#000000"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:#000000">However a CA is a lot more than just signing keys and that can be a lot of work but I think that will be true regardless of whether you're doing new development with the libraries or using scripts with the command line program. The command line is fine for small needs but I would definitely rather use the libraries (C or java) if I had it sitting behind a web or microservice.</div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:#000000"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:#000000">Finally I should point out that Amazon has just released an X.509 key management system as part of Amazon Web Services. I haven't had a chance to look at it but it might be easier to implement a front end to it.</div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:#000000"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:#000000">Bear</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Mar 2, 2016 at 11:24 PM, lists <span dir="ltr"><<a href="mailto:lists@rustichelli.net" target="_blank">lists@rustichelli.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 03/02/2016 09:36 AM, <a href="mailto:thirumalkumarkanakurthi@bel.co.in" target="_blank">thirumalkumarkanakurthi@bel.co.in</a> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Dear users,<br>
I want to develop my own CA with openssl library with all the CA functionalities like Key generation,Certificate creation,Certificate Revocation List creation,Certificate revocation and certificate <a href="http://verification.in" rel="noreferrer" target="_blank">verification.in</a> Order to do so i am struct with the following questions<br>
<br>
1. currently i am using openssl_1_0_1 stable version. With this version is it possible to perform the above operations.<br>
</blockquote>
<br></span>
Yes, but it's a lot of code to write if you plan to use the library.<span class=""><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
2. Will above mentioned version provide full CA CRL functionalities.<br>
please help me with your valuable suggestions and solutions. Thanks in advance.<br>
<br>
</blockquote>
<br></span>
For what I know, all of it is there, too.<br>
But really consider using OpenSSL-based open source products or at least openssl command line tools where possible, otherwise it is just as answer (1): there is a lot to do!<div class="HOEnZb"><div class="h5"><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Regards<br>
Thirumal Kumar Kanakurthi<br>
Member (Research Staff)/NWS Group<br>
Central Research Laboratory(BEL).<br>
Bangalore.<br>
Mobile:<a href="tel:%2B918050469976" value="+918050469976" target="_blank">+918050469976</a><br>
</blockquote>
<br></div></div><span class="HOEnZb"><font color="#888888">
-- <br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br>
</font></span></blockquote></div><br></div>