Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (70)
EC Keys (867)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (3101)
Revoked Certificates (16)
Root CA (85)
RSA Keys (2498)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
OpenSSL "x509 -x509toreq" - Conver Certificate to CSR
How to convert a certificate to a CSR using OpenSSL "x509" command? I want to generate a CSR with the same information as my existing certificate.
✍: FYIcenter.com
You can convert a certificate to a CSR using the OpenSSL "x509 -x509toreq" command
as shown below:
C:\Users\fyicenter>\local\openssl\openssl.exe OpenSSL> x509 -x509toreq -in twitter.crt -signkey test.key -out twitter.csr Getting request Private Key Generating certificate request OpenSSL> req -in twitter.csr -text -noout Certificate Request: Data: Version: 0 (0x0) Subject: businessCategory=Private Organization/jurisdictionC=US/jurisdic tionST=Delaware/serialNumber=4337446/street=Suite 900/street=1355 Market St/post alCode=94103, C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=Twitter Security, CN=twitter.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:c2:08:98:fa:67:00:05:55:b6:0b:61:0e:1a:d7: b5:8a:c1:cc:03:be:3c:17:fb:94:f7:d9:fa:4c:9f: 46:60:9c:6a:ad:7d:3a:e5:34:5a:12:b0:b2:0b:aa: ec:96:e1:58:81:2f:ad:60:ab:47:93:69:e3:84:75: 53:c1:f9:0f:b9:46:ab:9e:ea:ab:18:98:8c:68:54: 08:51:65:43:1a:61:97:27:5c:5e:0f:15:e9:cd:16: ab:dd:51:5b:76:2f:fc:d3:11:99:9d:d2:a6:3d:87: 02:75:e6:24:96:e2:04:3e:14:9c:fa:7e:b8:71:42: 37:00:b5:b0:8a:e2:33:95:8b:da:3f:fb:63:4d:37: 62:d5:1c:02:ea:30:7e:dc:0d:53:d5:d4:0b:b8:a3: 10:13:6d:1f:89:94:0b:6a:94:44:67:29:82:ad:e6: d5:b0:52:fc:95:57:06:d6:d1:22:66:84:d3:92:2a: 02:c7:94:56:df:55:3f:c2:13:f2:7c:16:78:33:a1: 53:f7:77:97:5c:b7:96:05:d5:44:f4:bf:ef:83:22: 5d:7a:e6:8f:e4:ac:df:34:9e:b6:0f:0a:53:f0:1a: db:71:37:69:92:f6:14:a9:1c:75:65:72:45:24:09: 3b:2c:6a:d7:b9:69:a5:dc:df:6d:9c:6b:fc:c6:a2: 5b:31 Exponent: 65537 (0x10001) Attributes: a0:00 Signature Algorithm: sha256WithRSAEncryption 6c:17:ca:f2:ac:76:97:be:07:d1:75:b2:24:06:6e:32:dc:c5: 23:be:06:d9:09:7e:c3:06:2e:62:40:aa:6a:55:db:17:95:c7: 5a:d4:f3:ab:7a:fe:26:30:4b:69:47:bd:43:9f:3c:8b:15:46: 3f:4b:b9:c8:8b:1b:29:5e:08:77:e2:7e:6c:f4:31:e3:9e:6a: 5a:5f:7d:6d:4a:70:de:a5:b4:ed:56:59:95:6b:3b:d9:08:cd: 4e:ac:c3:f7:cb:8a:ac:ab:52:a6:10:14:c6:2b:fa:05:40:26: d6:8c:ec:d4:07:14:b7:8d:dd:9e:6f:86:fd:3d:32:dc:81:4f: c9:27
Options used in the "x509" commands are:
One big advantage of using "x509 -x509toreq" command to convert a certificate to a new CSR to avoid re-entering all DN (Distinguished Name) field values. The new CSR will copy all DN fields from the certificate to the CSR. In other words, the CSR will have an identical subject as the certificate.
⇒ OpenSSL "req -verify" - Error "wrong signature length"
⇐ OpenSSL "x509 -fingerprint" - Print Certificate Fingerprint
2018-02-14, 5233👍, 0💬
Popular Posts:
How to specify x.509 v3 extensions options in the configuration file for generating CSR using the Op...
What is a JKS (Java KeyStore) file? I heard that it used to provide CA certificates to Java applicat...
How to create a new "cert8.db" file using Mozilla "certutil" tool? If you want to create a new "cert...
Certificate summary - Owner: *.mail.ru, IT, LLC Mail.Ru, L=Moscow, ST=Moscow, RU Issuer: Thawte SSL ...
What can I use OpenSSL "pkey" command for? What are options supported by the "pkey" command? OpenSSL...