OpenSSL "req -new" - Repeating DN Fields
Can I repeat a DN field multiple times in the configuration file for the OpenSSL "req -new" command?
✍: FYIcenter.com
Yes, you can repeat a DN (Distinguished Name) field multiple times in the configuration file.
This is done by prefixing the DN field name with "0.", "1.", and so on.
For example, "0.emailAddress=Email #1" and "1.emailAddress=Email #2" in the configuration file will prompt for the emailAddress twice.
The test below shows an example of repeating DN fields multiple times:
    C:\Users\fyicenter>type test.cnf
    # unnamed section of generic options
    default_md = md5

    # default section for "req" command options
    [req]
    input_password = fyicenter
    prompt = yes
    distinguished_name = my_req_dn_prompt

    [my_req_dn_prompt]
    # Minimum of 4 bytes are needed for common name
    commonName = Common Name
    commonName_default = FYIcenter.com CA

    # ISO2 country code only
    countryName = Country Name
    countryName_default = US

    # State is optional, no minimum limit
    stateOrProvinceName = State
    stateOrProvinceName_default = NY

    # City is required
    localityName = City
    localityName_default = New York

    # Organization is optional
    organizationName = Organization
    organizationName_default = FYIcenter.com

    # Organization Unit is optional
    0.organizationalUnitName = Department #1
    0.organizationalUnitName_default = IT
    1.organizationalUnitName = Department #2
    1.organizationalUnitName_default = Security

    # Email is optional
    0.emailAddress = Email #1
    0.emailAddress_default = ca@fyicenter.com
    1.emailAddress = Email #2
    1.emailAddress_default = help@fyicenter.com

    C:\Users\fyicenter>\local\openssl\openssl.exe
    OpenSSL> req -new -key rsa_test.key -out test.csr -config test.cnf
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Common Name [FYIcenter.com CA]:
    Country Name [US]:
    State [NY]:
    City [New York]:
    Organization [FYIcenter.com]:
    Department [IT]:
    Department [Security]:
    Email [ca@fyicenter.com]:
    Email [help@fyicenter.com]:

    OpenSSL> req -in test.csr -subject -noout
    subject=/CN=FYIcenter.com CA/C=US/ST=NY/L=New York/O=FYIcenter.com/OU=IT
       /OU=Security/emailAddress=ca@fyicenter.com/emailAddress=help@fyicenter.com
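As you can see from the output of the test, OU (organizationalUnitName) and emailAddress each appear twice in the subject.
The prompts read "Department" and "Email" rather than "Department #1" and "Email #1" because an unquoted "#" in an OpenSSL configuration file starts a comment, so the rest of the line is dropped.
Note that the sample file sets default_md = md5; MD5 is not collision resistant, so set a SHA-2 digest such as sha256 for requests you intend to submit.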
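The prefix handling described above, as an added example that is not part of the original page and is not OpenSSL's own code: a simplified Python model of how "req" walks the distinguished_name section, run on a shortened copy of the page's test.cnf. The names parse_sections and dn_prompts are hypothetical, and only two short names are mapped.

```python
import re

# Shortened copy of the page's test.cnf (some fields and comments omitted).
TEST_CNF = """\
[req]
distinguished_name = my_req_dn_prompt
[my_req_dn_prompt]
commonName = Common Name
commonName_default = FYIcenter.com CA
0.organizationalUnitName = Department #1
0.organizationalUnitName_default = IT
1.organizationalUnitName = Department #2
1.organizationalUnitName_default = Security
0.emailAddress = Email #1
0.emailAddress_default = ca@fyicenter.com
1.emailAddress = Email #2
1.emailAddress_default = help@fyicenter.com
"""

SHORT = {"commonName": "CN", "organizationalUnitName": "OU"}
SUFFIXES = ("_default", "_value", "_min", "_max")  # modifiers, not DN fields

def parse_sections(text):
    """Return {section: [(name, value), ...]} in file order."""
    sections, current = {}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # unquoted '#' starts a comment
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
        elif "=" in line:
            name, _, value = line.partition("=")
            sections.setdefault(current, []).append((name.strip(), value.strip()))
    return sections

def dn_prompts(text):
    """Prompts and subject that result when every default is accepted."""
    sections = parse_sections(text)
    dn = sections[dict(sections["req"])["distinguished_name"]]
    defaults = dict(dn)
    prompts, subject = [], []
    for name, label in dn:
        if name.endswith(SUFFIXES):
            continue
        # Text up to the first '.', ':' or ',' only tags the instance.
        tagged = re.match(r"[^.:,]*[.:,](.+)", name)
        field = tagged.group(1) if tagged else name
        default = defaults.get(name + "_default", "")  # keyed by the full name
        prompts.append(f"{label} [{default}]:")
        subject.append(f"{SHORT.get(field, field)}={default}")
    return prompts, "/" + "/".join(subject)
```

Calling dn_prompts(TEST_CNF) returns the same prompt lines and subject order as the session above, limited to the fields kept in the shortened file.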
2016-10-27