Collections:
Other Resources:
OpenSSL "req -x509" - Sign My Own CSR
Can I sign my own CSR with the OpenSSL "req -x509" command?
✍: FYIcenter.com
Yes, you can sign you own CSR (Certificate Sign Request) with the OpenSSL "req -x509" command as shown below. The result is a self-signed certificate. See the example below:
C:\Users\fyicenter>\local\openssl\openssl.exe OpenSSL> req -newkey rsa:512 -keyout rsa_test.key -out rsa_test.csr Generating a 512 bit RSA private key ........++++++++++++ .........++++++++++++ Enter PEM pass phrase:fyicenter Verifying - Enter PEM pass phrase:fyicenter ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:us State or Province Name (full name) [Some-State]:NY Locality Name (eg, city) []:New York Organization Name (eg, company) [Internet Widgits Pty Ltd]:Donald Inc. Organizational Unit Name (eg, section) []:IT Common Name (e.g. server FQDN or YOUR name) []:www.donald.inc Email Address []:john@donald.inc Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:fyicenter An optional company name []:DonaldInc OpenSSL> req -x509 -in rsa_test.csr -key rsa_test.key -out rsa_test.crt Enter pass phrase for rsa_test.key:fyicenter OpenSSL> x509 -in rsa_test.crt -text -noout Certificate: Data: Version: 3 (0x2) Serial Number: 86:3c:bb:2c:17:e7:65:84 Signature Algorithm: sha256WithRSAEncryption Issuer: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc Validity Not Before: Aug 21 12:34:18 2016 GMT Not After : Sep 20 12:34:18 2016 GMT Subject: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, CN=www.donald.inc/emailAddress=john@donald.inc Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (512 bit) Modulus: 00:f6:d5:d3:79:87:8d:9d:83:49:6f:fb:08:67:08: fb:0f:ab:b4:7f:51:55:7b:49:fa:e3:47:8e:6e:22: d7:ba:ad:dc:10:56:e9:b3:42:f7:25:20:9d:a5:e3: 5f:5e:7c:95:cb:5a:22:f3:8f:3d:e1:b2:0a:fa:15: c5:16:64:17:03 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 99:FB:5B:B6:BE:B4:E2:2B:4D:46:75:3F:0E:5E:52:36:F1:0E:A4:DB X509v3 Authority Key Identifier: keyid:99:FB:5B:B6:BE:B4:E2:2B:4D:46:75:3F:0E:5E:52:36:F1:0E:A4:DB X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption ba:24:9c:7f:a0:d8:c3:7d:ef:c3:b2:b1:53:f8:e0:12:77:4b: d0:b3:ae:a4:f9:dc:1b:8f:30:51:6f:6a:81:6b:a1:a6:6a:0f: d1:18:93:14:61:46:48:55:a7:03:33:96:b6:dd:8a:b3:2f:ef: f6:c3:8d:19:1b:30:ee:16:16:ee
Commands used in this test:
⇒ OpenSSL "req -x509 -days" - Longer Self-Signed Certificate
2016-11-08, 1861🔥, 0💬
Popular Posts:
Certificate summary - Owner: www.orange.fr, Orange France, france telecom, L=Bagnolet, ST=Seine Sain...
Certificate Summary: Subject: VeriSign Class 3 Secure Server CA - G3 Issuer: VeriSign Class 3 Public...
Certificate Summary: Subject: SSL.com Root Certification Authority RSA Issuer: Certum Trusted Networ...
Certificate summary - Owner: COMODO RSA Organization Validation Secure Server CA, COMODO CA Limited,...
Certificate summary - Owner: Thawte SGC CA - G2, "Thawte, Inc.", US Issuer: VeriSign Class 3 Public ...