Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (71)
EC Keys (1853)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (5376)
Revoked Certificates (16)
Root CA (85)
RSA Keys (4390)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
OpenSSL "req" - "prompt=yes" Mode
How to use the "prompt=yes" mode of the OpenSSL "req -new" command? I want to enter DN values at the command prompt.
✍: FYIcenter.com
You can use "prompt=yes" mode of the OpenSSL "req -new" command as shown below,
if you set "prompt=yes" and
provide DN (Distinguished Name) field prompts in the configuration file.
C:\Users\fyicenter>type test.cnf # unnamed section of generic options default_md = md5 # default section for "req" command options [req] input_password = fyicenter prompt = yes distinguished_name = my_req_dn_prompt [my_req_dn_prompt] commonName = Common Name countryName = Country Name stateOrProvinceName = State localityName = City organizationName = Organization organizationalUnitName = Department emailAddress = Email C:\Users\fyicenter>\local\openssl\openssl.exe OpenSSL> req -new -key rsa_test.key -out test.csr -config test.cnf You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Common Name []:FYIcenter.com CA Country Name []:US State []:NY City []:New York Organization []:FYIcenter.com Department []:IT Email []:ca@fyicenter.com OpenSSL> req -in test.csr -text -noout Certificate Request:s Data: Version: 0 (0x0) Subject: CN=FYIcenter.com CA, C=US, ST=NY, L=New York, O=FYI Center, OU=IT /emailAddress=ca@fyicenter.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) ...
As you can see from the output, the "req -new" command executed correctly in the "prompt=yes" mode. distinguished_name section options are used as DN field prompts.
⇒ OpenSSL "req" - "prompt=yes" Mode with DN Validations
2016-10-30, 4624👍, 0💬
Popular Posts:
How to add a trusted CA (Certificate Authority) certificate into Java default keystore on Windows? M...
Certificate summary - Owner: *.files.wordpress.com, Domain Control Validated Issuer: SERIALNUMBER=07...
Credential roaming allows organizations to store certificates and private keys in Active Directory D...
How to delete a root CA certificate from Google Chrome? I don't know this CA (Certificate Authority)...
Certificate summary - Owner: McAfee OV SSL CA, "McAfee, Inc.", L=Santa Clara, ST=CA, US Issuer: AddT...