OpenSSL "req -new" - Repeating DN Fields
Can I repeat a DN field multiple times in the configuration file for the OpenSSL "req -new" command?
Yes, you can repeat a DN (Distinguished Name) field multiple times in the configuration file. This is done by prefixing the DN field name with "0.", "1.", and so on.
For example, "0.emailAddress=Email #1" and "1.emailAddress=Email #2" in the configuration file will prompt for the emailAddress twice.
The test below shows you an example of repeating DN fields multiple times:
C:\Users\fyicenter>type test.cnf
# unnamed section of generic options
default_md = md5

# default section for "req" command options
[req]
input_password = fyicenter
prompt = yes
distinguished_name = my_req_dn_prompt

[my_req_dn_prompt]
# Minimum of 4 bytes are needed for common name
commonName = Common Name
commonName_default = FYIcenter.com CA

# ISO2 country code only
countryName = Country Name
countryName_default = US

# State is optional, no minimum limit
stateOrProvinceName = State
stateOrProvinceName_default = NY

# City is required
localityName = City
localityName_default = New York

# Organization is optional
organizationName = Organization
organizationName_default = FYIcenter.com

# Organization Unit is optional
0.organizationalUnitName = Department #1
0.organizationalUnitName_default = IT
1.organizationalUnitName = Department #2
1.organizationalUnitName_default = Security

# Email is optional
0.emailAddress = Email #1
0.emailAddress_default = email@example.com
1.emailAddress = Email #2
1.emailAddress_default = firstname.lastname@example.org

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> req -new -key rsa_test.key -out test.csr -config test.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name [FYIcenter.com CA]:
Country Name [US]:
State [NY]:
City [New York]:
Organization [FYIcenter.com]:
Department [IT]:
Department [Security]:
Email [email@example.com]:
Email [firstname.lastname@example.org]:

OpenSSL> req -in test.csr -subject -noout
subject=/CN=FYIcenter.com CA/C=US/ST=NY/L=New York/O=FYIcenter.com/OU=IT
   /OU=Security/emailAddress=email@example.com/emailAddress=firstname.lastname@example.org
As you can see from the output of the test, OU (organizationalUnitName) and emailAddress both appear twice in the subject of the request.
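The same numeric prefixes work when the request is generated without prompts. The script below is an added example, not part of the original page: it uses "prompt = no", so the DN section holds the values themselves, then reads the subject back and counts the repeated attributes. It assumes a POSIX shell with openssl on the PATH; the function names, temporary directory and freshly generated key are constructed for the example, and default_md is set to sha256 instead of the md5 used in the test above.

```shell
#!/bin/sh
# Added example: non-interactive variant of the page's test.cnf.
# Function names, temp directory and the generated key are constructed.

# Build a CSR whose DN repeats OU and emailAddress, then print its subject
# in RFC 2253 form so the output is the same across OpenSSL versions.
make_csr_subject() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/test.cnf" <<'EOF'
[req]
prompt = no
default_md = sha256
distinguished_name = my_req_dn

[my_req_dn]
commonName = FYIcenter.com CA
countryName = US
stateOrProvinceName = NY
localityName = New York
organizationName = FYIcenter.com
# The "0." / "1." prefixes keep both entries; OpenSSL strips them
0.organizationalUnitName = IT
1.organizationalUnitName = Security
0.emailAddress = email@example.com
1.emailAddress = firstname.lastname@example.org
EOF
    openssl genrsa -out "$dir/rsa_test.key" 2048 2>/dev/null &&
    openssl req -new -key "$dir/rsa_test.key" -out "$dir/test.csr" \
        -config "$dir/test.cnf" &&
    openssl req -in "$dir/test.csr" -noout -subject -nameopt RFC2253
    rc=$?
    rm -rf "$dir"
    return $rc
}

# Count how often one attribute (e.g. OU) occurs in an RFC 2253 subject line.
# The constructed values contain no commas, so splitting on "," is safe here.
count_attr() {
    printf '%s\n' "$1" | sed 's/^subject= *//' | tr ',' '\n' | grep -c "^$2="
}

# Print the subject and the two counts when run as a script.
subject=$(make_csr_subject) || exit 1
echo "$subject"
echo "OU count: $(count_attr "$subject" OU)"
echo "emailAddress count: $(count_attr "$subject" emailAddress)"
```

RFC 2253 output lists the attributes in reverse order, so emailAddress comes first and CN last.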
2016-10-27