Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (71)
EC Keys (2053)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (5949)
Revoked Certificates (16)
Root CA (85)
RSA Keys (4865)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
OpenSSL "req -x509" - Sign My Own CSR
Can I sign my own CSR with the OpenSSL "req -x509" command?
✍: FYIcenter.com
Yes, you can sign you own CSR (Certificate Sign Request) with
the OpenSSL "req -x509" command as shown below.
The result is a self-signed certificate.
See the example below:
C:\Users\fyicenter>\local\openssl\openssl.exe OpenSSL> req -newkey rsa:512 -keyout rsa_test.key -out rsa_test.csr Generating a 512 bit RSA private key ........++++++++++++ .........++++++++++++ Enter PEM pass phrase:fyicenter Verifying - Enter PEM pass phrase:fyicenter ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:us State or Province Name (full name) [Some-State]:NY Locality Name (eg, city) []:New York Organization Name (eg, company) [Internet Widgits Pty Ltd]:Donald Inc. Organizational Unit Name (eg, section) []:IT Common Name (e.g. server FQDN or YOUR name) []:www.donald.inc Email Address []:john@donald.inc Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:fyicenter An optional company name []:DonaldInc OpenSSL> req -x509 -in rsa_test.csr -key rsa_test.key -out rsa_test.crt Enter pass phrase for rsa_test.key:fyicenter OpenSSL> x509 -in rsa_test.crt -text -noout Certificate: Data: Version: 3 (0x2) Serial Number: 86:3c:bb:2c:17:e7:65:84 Signature Algorithm: sha256WithRSAEncryption Issuer: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc Validity Not Before: Aug 21 12:34:18 2016 GMT Not After : Sep 20 12:34:18 2016 GMT Subject: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (512 bit) Modulus: 00:f6:d5:d3:79:87:8d:9d:83:49:6f:fb:08:67:08: fb:0f:ab:b4:7f:51:55:7b:49:fa:e3:47:8e:6e:22: d7:ba:ad:dc:10:56:e9:b3:42:f7:25:20:9d:a5:e3: 5f:5e:7c:95:cb:5a:22:f3:8f:3d:e1:b2:0a:fa:15: c5:16:64:17:03 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 99:FB:5B:B6:BE:B4:E2:2B:4D:46:75:3F:0E:5E:52:36:F1:0E:A4:DB X509v3 Authority Key Identifier: keyid:99:FB:5B:B6:BE:B4:E2:2B:4D:46:75:3F:0E:5E:52:36:F1:0E:A4:DB X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption ba:24:9c:7f:a0:d8:c3:7d:ef:c3:b2:b1:53:f8:e0:12:77:4b: d0:b3:ae:a4:f9:dc:1b:8f:30:51:6f:6a:81:6b:a1:a6:6a:0f: d1:18:93:14:61:46:48:55:a7:03:33:96:b6:dd:8a:b3:2f:ef: f6:c3:8d:19:1b:30:ee:16:16:ee
Commands used in this test:
⇒ OpenSSL "req -x509 -days" - Longer Self-Signed Certificate
2016-11-08, 1618👍, 0💬
Popular Posts:
Certificate Summary: Subject: Encryption Everywhere DV TLS CA - G1 Issuer: DigiCert Global Root CA E...
What is the ASN.1 (or ASN1) file structure supported by OpenSSL? ASN.1 (Abstract Syntax Notation One...
Certificate Summary: Subject: DST Root CA X3 Issuer: DST Root CA X3 Expiration: 2021-09-30 14:01:15 ...
How a Java application validates the certificate received from a server? Is the server's certificate...
Certificate summary - Owner: YandexExternalCA, Dld, Dyandex, Dru Issuer: GTE CyberTrust Global Root,...