Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (71)
EC Keys (1855)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (5385)
Revoked Certificates (16)
Root CA (85)
RSA Keys (4397)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
OpenSSL "req -x509 -set_serial" - Certificate Serial Number
Can I sign my own CSR with a given serial number using the OpenSSL "req -x509" command?
✍: FYIcenter.com
Yes, you can sign you own CSR (Certificate Sign Request) with a given serial number
using the OpenSSL "req -x509 -set_serial" command as shown below.
Without the "-set_serial" option, the resulting certificate will have random serial number.
See the example below:
C:\Users\fyicenter>\local\openssl\openssl.exe OpenSSL> req -x509 -in rsa_test.csr -key rsa_test.key -out rsa_test.crt -set_serial 1024 Enter pass phrase for rsa_test.key:fyicenter OpenSSL> x509 -in rsa_test.crt -serial -noout serial=0400
As you can see the given serial number is stored as a binary integer format. In the above example, 0x0400 = 1024.
⇒ OpenSSL "req -x509 -md5" - MD5 Digest for Signing
⇐ OpenSSL "req -x509 -days" - Longer Self-Signed Certificate
2016-11-11, 16878👍, 0💬
Popular Posts:
Certificate summary - Owner: *.googleusercontent.com, Google Inc, L=Mountain View, ST=California, US...
Why am I getting the "data too large for key size" error with OpenSSL "rsautl -encrypt -raw" command...
Certificate summary - Owner: www.ameba.jp, Ameba Section, Cyber Agent ltd, L=Shibuya-ku Dougenzaka 2...
Certificate summary - Owner: VeriSign Class 3 Secure Server CA - G2, Terms of use at https://www.ver...
Certificate Summary: Subject: Go Daddy Class 2 Certification Authority Issuer: Go Daddy Class 2 Cert...