Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (70)
EC Keys (976)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (3313)
Revoked Certificates (16)
Root CA (85)
RSA Keys (2662)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
OpenSSL "req" - "prompt=yes" Mode
How to use the "prompt=yes" mode of the OpenSSL "req -new" command? I want to enter DN values at the command prompt.
✍: FYIcenter.com
You can use "prompt=yes" mode of the OpenSSL "req -new" command as shown below,
if you set "prompt=yes" and
provide DN (Distinguished Name) field prompts in the configuration file.
C:\Users\fyicenter>type test.cnf # unnamed section of generic options default_md = md5 # default section for "req" command options [req] input_password = fyicenter prompt = yes distinguished_name = my_req_dn_prompt [my_req_dn_prompt] commonName = Common Name countryName = Country Name stateOrProvinceName = State localityName = City organizationName = Organization organizationalUnitName = Department emailAddress = Email C:\Users\fyicenter>\local\openssl\openssl.exe OpenSSL> req -new -key rsa_test.key -out test.csr -config test.cnf You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Common Name []:FYIcenter.com CA Country Name []:US State []:NY City []:New York Organization []:FYIcenter.com Department []:IT Email []:ca@fyicenter.com OpenSSL> req -in test.csr -text -noout Certificate Request:s Data: Version: 0 (0x0) Subject: CN=FYIcenter.com CA, C=US, ST=NY, L=New York, O=FYI Center, OU=IT /emailAddress=ca@fyicenter.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) ...
As you can see from the output, the "req -new" command executed correctly in the "prompt=yes" mode. distinguished_name section options are used as DN field prompts.
⇒ OpenSSL "req" - "prompt=yes" Mode with DN Validations
2016-10-30, 4213👍, 0💬
Popular Posts:
Why am I getting the "data too large for key size" error with OpenSSL "rsautl -encrypt -raw" command...
Certificate summary - Owner: USERTrust Legacy Secure Server CA, The USERTRUST Network, L=Salt Lake C...
How to generate a pair of EC Private Key and Public Key? To help you to generate a pair of EC Privat...
How to print out MD5 and SHA-1 fingerprints of a certificate using OpenSSL "x509" command? I need to...
Certificate Summary: Subject: sni.cloudflaressl.com Issuer: CloudFlare Inc ECC CA-2 Expiration: 2020...