OpenSSL "req -x509 -set_serial" - Certificate Serial Number


Can I sign my own CSR with a given serial number using the OpenSSL "req -x509" command?



Yes, you can sign you own CSR (Certificate Sign Request) with a given serial number using the OpenSSL "req -x509 -set_serial" command as shown below. Without the "-set_serial" option, the resulting certificate will have random serial number. See the example below:


OpenSSL> req -x509 -in rsa_test.csr -key rsa_test.key -out rsa_test.crt 
   -set_serial 1024
Enter pass phrase for rsa_test.key:fyicenter

OpenSSL> x509 -in rsa_test.crt -serial -noout

As you can see the given serial number is stored as a binary integer format. In the above example, 0x0400 = 1024.


OpenSSL "req -x509 -md5" - MD5 Digest for Signing

OpenSSL "req -x509 -days" - Longer Self-Signed Certificate

OpenSSL "req" Command

⇑⇑ OpenSSL Tutorials

2016-11-11, 16878👍, 0💬