OpenSSL "req" - "prompt=yes" Mode with DN Defaults
How to specify DN value defaults when using the "prompt=yes" mode of the OpenSSL "req -new" command?
✍: FYIcenter.com
If you are using "prompt=yes" mode, you can also set DN (Distinguished Name) default values in the configuration file. OpenSSL will then prompt the user for each DN field and show its default value. The user can press the "Enter" key to accept the default.
Note that if you want to remove the default value, you can enter "." at the prompt.
For example, "countryName=Country Name" and "countryName_default=US" tell OpenSSL to prompt the user with "Country Name [US]:" for the countryName field. The user can press the "Enter" key to take "US", enter "." to remove "US", or enter "CA" for another country.
Below is a test showing how DN default values, set alongside DN value length limits, are used in the OpenSSL configuration file.
```
C:\Users\fyicenter>type test.cnf
# unnamed section of generic options
default_md = md5

# default section for "req" command options
[req]
input_password = fyicenter
prompt = yes
distinguished_name = my_req_dn_prompt

[my_req_dn_prompt]
# Minimum of 4 bytes are needed for common name
commonName = Common Name
commonName_min = 4
commonName_max = 32
commonName_default = FYIcenter.com Root CA

# ISO2 country code only
countryName = Country Name
countryName_min = 2
countryName_max = 2
countryName_default = US

# State is optional, no minimum limit
stateOrProvinceName = State
stateOrProvinceName_max = 24
stateOrProvinceName_default = NY

# City is required
localityName = City
localityName_min = 3
localityName_max = 24
localityName_default = New York

# Organization is optional
organizationName = Organization
organizationName_max = 48
organizationName_default = FYIcenter.com

# Organization Unit is optional
organizationalUnitName = Department
organizationalUnitName_max = 48
organizationalUnitName_default = IT

# Email is optional
emailAddress = Email
emailAddress_max = 48
emailAddress_default = ca@fyicenter.com

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> req -new -key rsa_test.key -out test.csr -config test.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name [FYIcenter.com CA]:
Country Name [US]:
State [NY]:
City [New York]:
Organization [FYIcenter.com]:
Department [IT]:.
Email [ca@fyicenter.com]:root@fyicenter.com

OpenSSL> req -in test.csr -text -noout
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: CN=FYIcenter.com CA, C=US, ST=NY, L=New York, O=FYIcenter.com/emailAddress=root@fyicenter.com
...
```
As you can see from the test, setting DN default values makes the OpenSSL "req -new" command much easier to use. You can keep pressing the "Enter" key if you are happy with the default values.
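The three possible answers at a prompt (Enter, ".", a new value) and the re-prompt on a value shorter than its "_min" can be reproduced without typing by feeding the answers on stdin. This is an added example, not part of the original page: the `dn_subject` helper and the temporary file layout are assumptions, the config is a trimmed copy of test.cnf, and it sets default_md to sha256 instead of the page's md5.

```shell
#!/bin/sh
# Added example, not from the original page. Assumptions: openssl is on PATH;
# dn_subject and the temp file layout are made up for this demo; default_md
# is sha256 here, not the page's md5.
#
# dn_subject ANSWER...: build a CSR, answering the DN prompts with one ANSWER
# per prompt, and print the resulting subject.
#   "" = press Enter (take the default), "." = leave the field out,
#   any other text = override the default
dn_subject() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/test.cnf" <<'EOF'
[req]
default_md = sha256
prompt = yes
distinguished_name = my_req_dn_prompt

[my_req_dn_prompt]
countryName = Country Name
countryName_min = 2
countryName_max = 2
countryName_default = US
organizationalUnitName = Department
organizationalUnitName_max = 48
organizationalUnitName_default = IT
emailAddress = Email
emailAddress_max = 48
emailAddress_default = ca@fyicenter.com
EOF
    # Prompts are written to stderr; answers are read line by line from stdin.
    openssl genrsa -out "$dir/rsa_test.key" 2048 2>/dev/null &&
    printf '%s\n' "$@" |
        openssl req -new -key "$dir/rsa_test.key" -out "$dir/test.csr" \
            -config "$dir/test.cnf" 2>/dev/null &&
    openssl req -in "$dir/test.csr" -noout -subject -nameopt RFC2253
    rc=$?
    rm -rf "$dir"
    return $rc
}

# Country: Enter keeps "US"; Department: "." drops OU; Email: overridden.
dn_subject "" "." "root@fyicenter.com"

# "U" is shorter than countryName_min, so Country Name is asked again and
# takes "CA"; the remaining two prompts take their defaults.
dn_subject "U" "CA" "" ""
```

A field answered with "." is absent from the CSR subject altogether, so a later policy check that expects it (for example a CA's "match" or "supplied" policy) will reject the request.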
2016-10-29