How about this? It can be improved (factor out the write loop, save to file, etc.),
but it generates a key pair that is accepted, apart from the CA part in browsers of course, but you know that.
```pascal
program testcert;
{$mode objfpc}{$I-}{$H+}
uses
  sysutils, base64, classes, sslbase, openssl, fpopenssl;
var
  X509: TOpenSSLX509Certificate;
  certkey: TCertAndKey;
  pk, cr: TBytes;
  e: ansistring;
  i: integer;
begin
  X509 := TOpenSSLX509Certificate.Create;
  try
    // Generate the certificate and its private key (both returned as raw bytes)
    certkey := X509.CreateCertificateAndKey;
    cr := certkey.certificate;
    pk := certkey.privatekey;

    // Certificate: raw bytes -> base64, printed 64 characters per line
    setstring(e, PAnsiChar(certkey.Certificate), length(certkey.Certificate));
    e := EncodeStringBase64(e);
    writeln('-----BEGIN CERTIFICATE-----');
    for i := 1 to length(e) do
    begin
      write(e[i]);
      if (i mod 64 = 0) or (i >= length(e)) then writeln;
    end;
    writeln('-----END CERTIFICATE-----');
    writeln;

    // Private key: same encoding; note that this prints the key to stdout
    setstring(e, PAnsiChar(certkey.PrivateKey), length(certkey.PrivateKey));
    e := EncodeStringBase64(e);
    writeln('-----BEGIN RSA PRIVATE KEY-----');
    for i := 1 to length(e) do
    begin
      write(e[i]);
      if (i mod 64 = 0) or (i >= length(e)) then writeln;
    end;
    writeln('-----END RSA PRIVATE KEY-----');
  finally
    X509.Free;
  end;
end.
```
It is a 40-liner, but be careful. The certificates are accepted, though.
I got fed up with complex code, as usual, and this is a 40-liner.
Users must in reality split up the code into cer and pem. But this is how it works, provided OpenSSL is installed correctly. (Cross-platform tested.)
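The two improvements the post mentions (factoring out the write loop and saving to file), sketched as an added example that is not the poster's code. `DerToPem`, `SaveText` and the file name `key.pem` are hypothetical names, and the sample bytes are constructed stand-ins for `certkey.PrivateKey` so the program runs without OpenSSL.

```pascal
program pemsave;
{$mode objfpc}{$H+}
uses
  sysutils, classes, base64;

const
  OwnerOnly = &600;  // octal rw-------; applied on Unix, ignored on Windows

// Wrap raw bytes in a PEM envelope: base64 body, 64 characters per line.
function DerToPem(const Der: TBytes; const PemLabel: string): string;
var
  raw, b64: ansistring;
  i: integer;
begin
  if Length(Der) = 0 then
    raise Exception.Create('empty input for ' + PemLabel);
  SetString(raw, PAnsiChar(@Der[0]), Length(Der));
  b64 := EncodeStringBase64(raw);
  Result := '-----BEGIN ' + PemLabel + '-----' + LineEnding;
  i := 1;
  while i <= Length(b64) do
  begin
    Result := Result + Copy(b64, i, 64) + LineEnding;
    Inc(i, 64);
  end;
  Result := Result + '-----END ' + PemLabel + '-----' + LineEnding;
end;

// Write Content to a freshly created file with the given permission bits.
procedure SaveText(const FileName, Content: string; Rights: Cardinal);
var
  fs: TFileStream;
begin
  // Rights only apply when the file is created, so drop any older copy first.
  if FileExists(FileName) then DeleteFile(FileName);
  fs := TFileStream.Create(FileName, fmCreate, Rights);
  try
    fs.WriteBuffer(Content[1], Length(Content));
  finally
    fs.Free;
  end;
end;

var
  sample: TBytes;
begin
  // Constructed sample bytes, not a real key; pass certkey.PrivateKey instead.
  SetLength(sample, 100);
  FillChar(sample[0], Length(sample), $30);
  SaveText('key.pem', DerToPem(sample, 'RSA PRIVATE KEY'), OwnerOnly);
end.
```

The certificate can be saved the same way with the label `CERTIFICATE` and ordinary permissions; only the key file needs the owner-only mode.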