OpenSSL "req -new" - Repeating DN Fields
Can I repeat a DN field multiple times in the configuration file for the OpenSSL "req -new" command?
✍: FYIcenter.com
Yes, you can repeat a DN (Distinguished Name) field multiple times in the configuration file. This is done by prefixing the DN field name with "0.", "1.", and so on.
For example, "0.emailAddress=Email #1" and "1.emailAddress=Email #2" in the configuration file will prompt for the emailAddress twice.
The test below shows you an example of repeating DN fields multiple times:
    C:\Users\fyicenter>type test.cnf
    # unnamed section of generic options
    default_md = md5

    # default section for "req" command options
    [req]
    input_password = fyicenter
    prompt = yes
    distinguished_name = my_req_dn_prompt

    [my_req_dn_prompt]
    # Minimum of 4 bytes are needed for common name
    commonName = Common Name
    commonName_default = FYIcenter.com CA

    # ISO2 country code only
    countryName = Country Name
    countryName_default = US

    # State is optional, no minimum limit
    stateOrProvinceName = State
    stateOrProvinceName_default = NY

    # City is required
    localityName = City
    localityName_default = New York

    # Organization is optional
    organizationName = Organization
    organizationName_default = FYIcenter.com

    # Organization Unit is optional
    0.organizationalUnitName = Department #1
    0.organizationalUnitName_default = IT
    1.organizationalUnitName = Department #2
    1.organizationalUnitName_default = Security

    # Email is optional
    0.emailAddress = Email #1
    0.emailAddress_default = ca@fyicenter.com
    1.emailAddress = Email #2
    1.emailAddress_default = help@fyicenter.com

    C:\Users\fyicenter>\local\openssl\openssl.exe

    OpenSSL> req -new -key rsa_test.key -out test.csr -config test.cnf
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Common Name [FYIcenter.com CA]:
    Country Name [US]:
    State [NY]:
    City [New York]:
    Organization [FYIcenter.com]:
    Department [IT]:
    Department [Security]:
    Email [ca@fyicenter.com]:
    Email [help@fyicenter.com]:

    OpenSSL> req -in test.csr -subject -noout
    subject=/CN=FYIcenter.com CA/C=US/ST=NY/L=New York/O=FYIcenter.com/OU=IT
    /OU=Security/emailAddress=ca@fyicenter.com/emailAddress=help@fyicenter.com
As you can see from the output of the test, OU (organizationalUnitName) and emailAddress each appear twice in the CSR subject.
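The same prefix technique in a non-interactive run, as an added example that is not part of the original page: it builds a CSR from a constructed config and counts how often each attribute appears in the subject. It assumes a POSIX shell with the openssl command on the PATH, uses "prompt = no" (so each entry is the value itself) and sha256 in place of the page's md5, and the section name my_req_dn and the helpers csr_rdns and count_rdn are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original page.
set -eu

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Constructed config: same DN values as the page's test.cnf, but with
# prompt = no each entry holds the field value, not a prompt string.
cat > "$workdir/test.cnf" <<'EOF'
[req]
prompt = no
default_md = sha256
distinguished_name = my_req_dn

[my_req_dn]
commonName = FYIcenter.com CA
countryName = US
stateOrProvinceName = NY
localityName = New York
organizationName = FYIcenter.com
0.organizationalUnitName = IT
1.organizationalUnitName = Security
0.emailAddress = ca@fyicenter.com
1.emailAddress = help@fyicenter.com
EOF

# Throwaway unencrypted key, for this demonstration only.
openssl genrsa -out "$workdir/rsa_test.key" 2048 2>/dev/null
openssl req -new -key "$workdir/rsa_test.key" -out "$workdir/test.csr" \
    -config "$workdir/test.cnf"

# Print the CSR subject one RDN per line (RFC 2253 form, reversed order).
csr_rdns() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//' | tr ',' '\n'
}

# Count how many times attribute $2 (short name, e.g. OU) occurs in CSR $1.
count_rdn() {
    csr_rdns "$1" | grep -c "^$2=" || true
}

csr_rdns "$workdir/test.csr"
echo "OU count:           $(count_rdn "$workdir/test.csr" OU)"
echo "emailAddress count: $(count_rdn "$workdir/test.csr" emailAddress)"
```

The count check is also useful on the receiving side, where a policy may allow only one value for an attribute such as CN.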
2016-10-27