Collections:
Other Resources:
OpenSSL "req -new" - DN Fields for Personal Certificates
How to use additional DN fields to create CSR for personal certificates?
✍: FYIcenter.com
You can set additional DN fields in the configuration file to allow OpenSSL "req -new"
command to generate CSR for personal certificates.
Additional DN fields are: emailAddress, name, surname, givenName, initials and dnQualifier.
The test below shows you how to use additional DN fields for personal certificates:
C:\Users\fyicenter>type test.cnf # unnamed section of generic options default_md = md5 # default section for "req" command options [req] input_password = fyicenter prompt = yes distinguished_name = my_req_dn_prompt [my_req_dn_prompt] # Addtional DN fields emailAddress = Email emailAddress_default = john@it givenName = First Name givenName_default = John surname = Last Name surname_default = Smith initials = Initials initials_default = JS name = Full Name name_default = John Smith dnQualifier = DN Qualifier dnQualifier_default = fyicenter.com C:\Users\fyicenter>\local\openssl\openssl.exe OpenSSL> req -new -key rsa_test.key -out test.csr -config test.cnf You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Email [john@it]: First Name [John]: Last Name [Smith]: Initials [JS]: Full Name [John Smith]: DN Qualifier [fyicenter.com]: OpenSSL> req -in test.csr -subject -noout subject=/emailAddress=john@it/GN=John/SN=Smith/initials=JS/name=John Smith /dnQualifier=fyicenter.com
As you can see from the output, the resulting subject identifies well John Smith from the IT department at FYIcenter.com. This is good enough for a personal certificate.
⇒ OpenSSL "req" - X509 V3 Extensions Configuration Options
2016-10-27, 7187🔥, 0💬
Popular Posts:
Certificate Summary: Subject: VeriSign Class 3 Public Primary Certification Authority - G4 Issuer: V...
Certificate Summary: Subject: HTTP Toolkit CA Issuer: HTTP Toolkit CA Expiration: 2024-09-11 21:29:4...
Certificate Summary: Subject: QuoVadis Global SSL ICA G3 Issuer: QuoVadis Root CA 2 G3 Expiration: 2...
Certificate summary - Owner: Network Solutions EV Server CA, Network Solutions L.L.C., US Issuer: Ne...
How to save the output of an OpenSSL command into a file? I want to make a copy of the server certif...