OpenSSL "req -new" - DN Fields for Personal Certificates
How to use additional DN fields to create CSR for personal certificates?
✍: FYIcenter.com
You can set additional DN fields in the configuration file so that the OpenSSL "req -new"
command prompts for them when it generates a CSR for a personal certificate.
The additional DN fields are: emailAddress, name, surname, givenName, initials and dnQualifier.
The test below shows how to use these additional DN fields for a personal certificate:
C:\Users\fyicenter>type test.cnf
# unnamed section of generic options
default_md = md5

# default section for "req" command options
[req]
input_password = fyicenter
prompt = yes
distinguished_name = my_req_dn_prompt

[my_req_dn_prompt]
# Additional DN fields
emailAddress = Email
emailAddress_default = john@it
givenName = First Name
givenName_default = John
surname = Last Name
surname_default = Smith
initials = Initials
initials_default = JS
name = Full Name
name_default = John Smith
dnQualifier = DN Qualifier
dnQualifier_default = fyicenter.com

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> req -new -key rsa_test.key -out test.csr -config test.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Email [john@it]:
First Name [John]:
Last Name [Smith]:
Initials [JS]:
Full Name [John Smith]:
DN Qualifier [fyicenter.com]:

OpenSSL> req -in test.csr -subject -noout
subject=/emailAddress=john@it/GN=John/SN=Smith/initials=JS/name=John Smith
   /dnQualifier=fyicenter.com
As you can see from the output, the resulting subject clearly identifies John Smith from the IT department at FYIcenter.com. This is good enough for a personal certificate.
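Besides the DN fields, the test.cnf above sets default_md = md5, a collision-broken digest, and keeps the key passphrase in plaintext in input_password. The following added example (not code from the original page) is a small Python audit that flags both settings and lists the DN fields the config prompts for. The names parse_cnf and audit are hypothetical, and SAMPLE_CNF is the page's config reconstructed with its comments and prompt = yes omitted.

```python
import re

WEAK_DIGESTS = {"md2", "md4", "md5", "sha1"}
# Constructed sample: the page's test.cnf without comments and "prompt = yes".
SAMPLE_CNF = """\
default_md = md5
[req]
input_password = fyicenter
distinguished_name = my_req_dn_prompt
[my_req_dn_prompt]
emailAddress = Email
emailAddress_default = john@it
givenName = First Name
givenName_default = John
surname = Last Name
surname_default = Smith
initials = Initials
initials_default = JS
name = Full Name
name_default = John Smith
dnQualifier = DN Qualifier
dnQualifier_default = fyicenter.com
"""

def parse_cnf(text):
    """Parse [section] headers and key = value pairs; "" is the unnamed section."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # simplification: every '#' starts a comment
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def audit(text):
    """Return (findings, {DN field: default value}) for the req settings in a config."""
    cnf = parse_cnf(text)
    req = cnf.get("req", {})
    # The page sets default_md in the unnamed section, so look there as well.
    digest = req.get("default_md") or cnf[""].get("default_md", "")
    findings = [f"weak default_md: {digest}"] if digest.lower() in WEAK_DIGESTS else []
    findings += [f"plaintext {k} in config" for k in ("input_password", "output_password") if k in req]
    dn = cnf.get(req.get("distinguished_name") or "<unset>", {})
    fields = {k: dn.get(k + "_default", "") for k in dn if not re.search(r"_(default|min|max)$", k)}
    return findings, fields
```

Setting default_md = sha256 and removing input_password, so that OpenSSL asks for the key passphrase instead of reading it from the file, clears both findings.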
2016-10-27