OpenSSL "req" - distinguished_name Configuration Section

Q

What is the distinguished_name section in the OpenSSL configuration file?

✍: FYIcenter.com

A

The distinguished_name section in the OpenSSL configuration file is a required section of options when using OpenSSL "req -new" or "req -newkey" commands to generate a new CSR or self-signed certificate.

distinguished_name sections provides options to control the behavior of the following two groups of DN (Distinguished Name) fields.

1. Standard DN fields:

  • commonName (or CN) - Common name of the subject.
  • countryName (or C) - ISO2 code of the country where the subject is located.
  • stateOrProvinceName (or ST) - State or province name where the subject is located.
  • localityName (or L) - Locality, like city, name where the subject is located.
  • organizationName (or O) - Organization name which the subject belongs to.
  • organizationalUnitName (or OU) - Organization unit name which the subject belongs to.

2. Additional DN fields:

  • name - Name of the subject.
  • surname - Last name of the subject.
  • givenName - First name of the subject.
  • initials - Intitials of the subject.
  • emailAddress - Email address of the subject.
  • dnQualifier - Distinguished Name Qualifier of the subject.

There are 2 modes to use when writing distinguished_name section in the configuration file:

1. "prompt=no" mode - This mode tells OpenSSL to not prompt user for distinguished name fields. It will read distinguished_name section as values for DN fields, instead of field prompting labels.

For example: "countryName=US" tells OpenSSL to use "US" as the countryName value.

2. "prompt=yes" mode - This mode tells OpenSSL to prompt user for distinguished name fields. It will read distinguished_name section as prompting labels for DN fields, instead of field values.

For example: "countryName=Country ISO2 Code" tells OpenSSL to use "Country ISO2 Code []:" to prompt the user to enter the countryName value.

 

OpenSSL "req" - "prompt=no" Mode

OpenSSL "req -config" - Using Configuration File

OpenSSL "req" Command

⇑⇑ OpenSSL Tutorials

2016-11-02, 3467👍, 0💬