Apple Mac (27)
DH Keys (39)
DSA Keys (70)
EC Keys (982)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
Revoked Certificates (16)
Root CA (85)
RSA Keys (2662)
What Is (22)
OpenSSL "req" - distinguished_name Configuration Section
What is the distinguished_name section in the OpenSSL configuration file?
The distinguished_name section in the OpenSSL configuration file is a required section of options when using OpenSSL "req -new" or "req -newkey" commands to generate a new CSR or self-signed certificate.
distinguished_name sections provides options to control the behavior of the following two groups of DN (Distinguished Name) fields.
1. Standard DN fields:
2. Additional DN fields:
There are 2 modes to use when writing distinguished_name section in the configuration file:
1. "prompt=no" mode - This mode tells OpenSSL to not prompt user for distinguished name fields. It will read distinguished_name section as values for DN fields, instead of field prompting labels.
For example: "countryName=US" tells OpenSSL to use "US" as the countryName value.
2. "prompt=yes" mode - This mode tells OpenSSL to prompt user for distinguished name fields. It will read distinguished_name section as prompting labels for DN fields, instead of field values.
For example: "countryName=Country ISO2 Code" tells OpenSSL to use "Country ISO2 Code :" to prompt the user to enter the countryName value.
⇒ OpenSSL "req" - "prompt=no" Mode
⇐ OpenSSL "req -config" - Using Configuration File
2016-11-02, 23058👍, 0💬
How to view details of trusted root CA certificate on my Android device? You can view details of a t...
Certificate Summary: Subject: ISRG Root X1 Issuer: DST Root CA X3 Expiration: 2024-09-30 18:14:03 UT...
How to view general information of a root CA certificate in IE? I want to know when is the expiratio...
How a Java application validates the certificate received from a server? Is the server's certificate...