You mean calling from the application the program openssl or openssl.exe? It is an option. But I don't think it is a good idea for this project. It will sure work if you compile the application. But I'm thinking in distributing also a windows installer which may be linked statically with openssl for example to avoid installing extra things. (more self contained)
Is there a function of a library or something I can link with for that? It's safer...

And I know how PKI works... But certificates are useless if they aren't signed by a CA because you can't check them. And you will have to transfer them by hand to be sure they are trustworthy. And if you can transfer the certificate you can transfer the key. So why you need them? You can also get the fingerprint straight from the public key. Can't you?