How to generate X509 v3 certificate for PKCS#8 encrypted

[meghaamity]

Note: This is just a template, so feel free to use/remove the unnecessary things

Description

• Type: Question
• Priority: Blocker

Question
I want to generate x509 certificate with PKCS#8 encrypted private key info embedded

How to do that? Please share the steps and API to be used to create such certificate?

[RonEld]

@meghaamity Thank you for your question!
X509 certificates should not contain the private key embedded in them.
Do you mean a concatenation of a private key after a certificate in PEM?:

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY----
-----END PRIVATE KEY----

If so, you will need to create a certificate, and write your PKCS8 encrypted private key after certificate, in the generated file.
To create a certificate, please look at the sample application for creating a certificate, and add your required extensions.

At the moment, Mbed TLS does not support generating a password protected PKCS8 private key.

[RonEld]

We believe this issue has been addressed and answered, therefore closing.
If you believe it needs further action, please reopen with additional questions.
In addition, a support for writing PKCS#8 has been raised in #2413
Thanks!