OpenSSL "req -x509 -md5" - MD5 Digest for Signing

Q

Can I using MD5 digest algorithm when generating a self-signed certificate using the OpenSSL "req -x509" command?

✍: FYIcenter.com

A

Yes, you can use MD5 digest algorithm when generating a self-signed certificate using the OpenSSL "req -x509 -md5" command Without the "-md5" option, the default SHA256 digest algorithm will be used in the signing process. See the example below:

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> req -x509 -in rsa_test.csr -key rsa_test.key -out rsa_test.crt -md5
Enter pass phrase for rsa_test.key:fyicenter

OpenSSL> x509 -in rsa_test.crt -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            96:28:6c:2e:b9:4f:84:59
    Signature Algorithm: md5WithRSAEncryption
        Issuer: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, 
                CN=www.donald.inc/emailAddress=john@donald.inc
        Validity
            Not Before: Aug 23 02:11:42 2016 GMT
            Not After : Sep 22 02:11:42 2016 GMT
        Subject: C=us, ST=NY, L=New York, O=Donald Inc., OU=IT, 
                CN=www.donald.inc/emailAddress=john@donald.inc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (512 bit)
                Modulus:
                    00:f6:d5:d3:79:87:8d:9d:83:49:6f:fb:08:67:08:
                    fb:0f:ab:b4:7f:51:55:7b:49:fa:e3:47:8e:6e:22:
                    d7:ba:ad:dc:10:56:e9:b3:42:f7:25:20:9d:a5:e3:
                    5f:5e:7c:95:cb:5a:22:f3:8f:3d:e1:b2:0a:fa:15:
                    c5:16:64:17:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:FB:5B:B6:BE:B4:E2:2B:4D:46:75:3F:0E:5E:52:36:F1:0E:A4:DB
            X509v3 Authority Key Identifier:
                keyid:99:FB:5B:B6:BE:B4:E2:2B:4D:46:75:3F:0E:5E:52:36:F1:0E:A4:DB

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: md5WithRSAEncryption
         f6:97:36:2e:01:9a:3b:11:3e:49:c7:c9:5e:bd:91:28:6e:c3:
         9d:f4:7a:e9:57:07:f2:cf:44:04:92:6a:c3:6e:31:05:c3:30:
         5d:36:cb:32:ff:20:ac:06:c5:5c:d9:2b:f1:06:71:90:23:1d:
         2d:5d:ce:9c:7d:0a:6c:39:e2:09

The output from the "x509 -text -noout" command confirms that MD5 algorithm was used as digest algorithm in the digital signature.

⇒ OpenSSL "req -x509" - Sign CSR with Different Key

⇐ OpenSSL "req -x509 -set_serial" - Certificate Serial Number

⇑ OpenSSL "req" Command

⇑⇑ OpenSSL Tutorials

2016-11-05, 2571👍, 0💬

OpenSSL "req -x509 -set_serial" - Certificate Serial Number
Can I sign my own CSR with a given serial number using the OpenSSL "req -x509" command? Yes, you can sign you own CSR (Certificate Sign Request) with a given serial number using the OpenSSL "req -x509 -set_serial" command as shown below. Without the "-set_serial" option, the resulting certificate wi... 2016-11-11, 12655👍, 0💬

OpenSSL "req -config" - Using Configuration File
Can I use my own configuration file when running "req" command? Yes, you can specify your own configuration file using the "-config file" option when running the "req" command. OpenSSL configuration file allows you to control the behavior of the "req" command with the following options: utf8 - If se... 2016-11-03, 5467👍, 0💬

OpenSSL "req" - "prompt=no" Mode
How to use the "prompt=no" mode of the OpenSSL "req -new" command? I want to specify DN field values directly in the configuration file. You can use "prompt=no" mode of the OpenSSL "req -new" command as shown below, if you set "prompt=no" and provide DN (Distinguished Name) field values in the confi... 2016-11-02, 5454👍, 0💬

OpenSSL "req -x509 -md5" - MD5 Digest for Signing
Can I using MD5 digest algorithm when generating a self-signed certificate using the OpenSSL "req -x509" command? Yes, you can use MD5 digest algorithm when generating a self-signed certificate using the OpenSSL "req -x509 -md5" command Without the "-md5" option, the default SHA256 digest algorithm ... 2016-11-05, 2572👍, 0💬

OpenSSL "req -x509 -days" - Longer Self-Signed Certificate
Can I sign my own CSR with a longer expiration date using the OpenSSL "req -x509" command? I want to use this certificate as an internal root CA for 10 years. Yes, you can sign you own CSR (Certificate Sign Request) with a longer expiration date using the OpenSSL "req -x509 -days" command as shown b... 2016-11-11, 2339👍, 0💬

OpenSSL "req -x509 -newkey" - Generate Private Key and Certificate
How to generate a new private key with a public key and generate a self-signed certificate using a single OpenSSL "req" command? If you do not have a pair of private key and public key, and you want to generate self-signed certificate to represent your personal identity or server identity, you can u... 2016-11-15, 1657👍, 0💬

OpenSSL Not Validate Signature in Self-Signed Certificate
Does OpenSSL "verify" command really validate the digital signature in a self-signed certificate? No, OpenSSL "verify" command does not validate the digital signature in a self-signed certificate. In the following test, a CSR with an RSA public key was "self-signed" by the OpenSSL "req -x509" comman... 2016-11-03, 1570👍, 0💬

OpenSSL "req -x509" - Sign CSR with Different Key
Can I sign my own CSR with a different private key using the OpenSSL "req -x509" command? Yes, you can sign you own CSR (Certificate Sign Request) with a different private key using the OpenSSL "req -x509" command as shown below. But the result is not a true self-signed certificate. The entity name ... 2016-11-05, 1410👍, 0💬

OpenSSL "req -x509" - Sign My Own CSR
Can I sign my own CSR with the OpenSSL "req -x509" command? Yes, you can sign you own CSR (Certificate Sign Request) with the OpenSSL "req -x509" command as shown below. The result is a self-signed certificate. See the example below: C:\Users\fyicenter>\loc al\openssl\openssl.exeOpenSSL&g... 2016-11-08, 1368👍, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.