OpenSSL - OpenSSL "req -x509 -set_serial" - Certificate Serial Number

OpenSSL "req -x509 -set_serial" - Certificate Serial Number

Q

Can I sign my own CSR with a given serial number using the OpenSSL "req -x509" command?

✍: FYIcenter.com

A

Yes, you can sign you own CSR (Certificate Sign Request) with a given serial number using the OpenSSL "req -x509 -set_serial" command as shown below. Without the "-set_serial" option, the resulting certificate will have random serial number. See the example below:

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> req -x509 -in rsa_test.csr -key rsa_test.key -out rsa_test.crt 
   -set_serial 1024
Enter pass phrase for rsa_test.key:fyicenter

OpenSSL> x509 -in rsa_test.crt -serial -noout
serial=0400

As you can see the given serial number is stored as a binary integer format. In the above example, 0x0400 = 1024.

⇒ OpenSSL "req -x509 -md5" - MD5 Digest for Signing

⇐ OpenSSL "req -x509 -days" - Longer Self-Signed Certificate

⇑ OpenSSL "req" Command

⇑⇑ OpenSSL Tutorials

2016-11-11, 7073👍, 0💬

OpenSSL "req -x509 -days" - Longer Self-Signed Certificate
Can I sign my own CSR with a longer expiration date using the OpenSSL "req -x509" command? I want to use this certificate as an internal root CA for 10 years. Yes, you can sign you own CSR (Certificate Sign Request) with a longer expiration date using the OpenSSL "req -x509 -days" command as shown b... 2016-11-11, 1548👍, 0💬

OpenSSL "req -x509 -md5" - MD5 Digest for Signing
Can I using MD5 digest algorithm when generating a self-signed certificate using the OpenSSL "req -x509" command? Yes, you can use MD5 digest algorithm when generating a self-signed certificate using the OpenSSL "req -x509 -md5" command Without the "-md5" option, the default SHA256 digest algorithm ... 2016-11-05, 1117👍, 0💬

OpenSSL "req -x509" - Sign CSR with Different Key
Can I sign my own CSR with a different private key using the OpenSSL "req -x509" command? Yes, you can sign you own CSR (Certificate Sign Request) with a different private key using the OpenSSL "req -x509" command as shown below. But the result is not a true self-signed certificate. The entity name ... 2016-11-05, 950👍, 0💬

OpenSSL "req -x509" - Sign My Own CSR
Can I sign my own CSR with the OpenSSL "req -x509" command? Yes, you can sign you own CSR (Certificate Sign Request) with the OpenSSL "req -x509" command as shown below. The result is a self-signed certificate. See the example below: C:\Users\fyicenter>\loc al\openssl\openssl.exeOpenSSL&g... 2016-11-08, 946👍, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.