Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (83)
EC Keys (2458)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (6617)
Revoked Certificates (16)
Root CA (85)
RSA Keys (5331)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
OpenSSL "req -new" - DN Fields for Personal Certificates
How to use additional DN fields to create CSR for personal certificates?
✍: FYIcenter.com
You can set additional DN fields in the configuration file to allow OpenSSL "req -new" command to generate CSR for personal certificates. Additional DN fields are: emailAddress, name, surname, givenName, initials and dnQualifier.
The test below shows you how to use additional DN fields for personal certificates:
C:\Users\fyicenter>type test.cnf # unnamed section of generic options default_md = md5 # default section for "req" command options [req] input_password = fyicenter prompt = yes distinguished_name = my_req_dn_prompt [my_req_dn_prompt] # Addtional DN fields emailAddress = Email emailAddress_default = john@it givenName = First Name givenName_default = John surname = Last Name surname_default = Smith initials = Initials initials_default = JS name = Full Name name_default = John Smith dnQualifier = DN Qualifier dnQualifier_default = fyicenter.com C:\Users\fyicenter>\local\openssl\openssl.exe OpenSSL> req -new -key rsa_test.key -out test.csr -config test.cnf You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Email [john@it]: First Name [John]: Last Name [Smith]: Initials [JS]: Full Name [John Smith]: DN Qualifier [fyicenter.com]: OpenSSL> req -in test.csr -subject -noout subject=/emailAddress=john@it/GN=John/SN=Smith/initials=JS/name=John Smith /dnQualifier=fyicenter.com
As you can see from the output, the resulting subject identifies well John Smith from the IT department at FYIcenter.com. This is good enough for a personal certificate.
⇒ OpenSSL "req" - X509 V3 Extensions Configuration Options
2016-10-27, 6333👍, 0💬
Popular Posts:
Certificate Summary: Subject: Google Internet Authority G3 Issuer: GlobalSign Expiration: 2021-12-15...
How to view the server certificate of the Website in Firefox? I know that the Website is using a "ht...
Certificate summary - Owner: www.xuite.net, ??????????, TW Issuer: Public Certification Authority, "...
What certificates are included in the Java default trusted certificate keystore file: "cacerts"? For...
Renewing a certificate with the same key provides maximum compatibility with past uses of the accomp...