Collections:
Other Resources:
OpenSSL "req -new -reqexts" - Specify CSR V3 Extensions
How to specify x.509 v3 extensions options in the configuration file for generating CSR using the OpenSSL "req" command?
✍: FYIcenter.com
You can use x.509 v3 extensions options when using OpenSSL "req -new" command to generate a CSR (Certificate Signing Request). The provided x509 extensions will be included in the resulting CSR.
In order to user x.509 v3 extensions options for the OpenSSL "req -new" command, first you need write them in a named section in the configuration file. For example:
[my_req_ext] basicConstraints = critical, CA:false subjectKeyIdentifier = hash keyUsage = cRLSign, keyCertSign extendedKeyUsage = codeSigning, timeStamping subjectAltName = email:john@fyicenter.com
Then you can provided this named section [my_req_ext] to the "req -new" command in two ways:
1. Using "req_extensions" option in the [req] section - You can set "req_extensions=my_req_ext" in the [req] section of the configuration file. For example:
[req] default_bits = 1024 input_password = fyicenter req_extensions = my_req_ext [my_req_ext] ...
2. Using "-reqexts" option in the "req -new" command - For example, "req -new -reqexts my_req_ext" command will take x.509 v3 extensions from the [my_req_ext] section in the configuration file.
Note that you can not use all x.509 v3 extensions when generating s CSR using the "req -new" command, because some of them can not be supported in CSR, like authorityKeyIdentifier and issuerAltName.
⇒ OpenSSL "req -new -reqexts" - Test CSR V3 Extensions
2016-10-25, 12998🔥, 0💬
Popular Posts:
Certificate summary - Owner: www.purevolume.com, Domain Control Validated Issuer: SERIALNUMBER=07969...
Certificate summary - Owner: *.spotify.com, COMODO SSL Wildcard, Domain Control Validated Issuer: CO...
Certificate Summary: Subject: Cybertrust Global Root Issuer: Cybertrust Global Root Expiration: 2021...
Certificate Summary: Subject: Dow Jones Enterprise Root CA Issuer: Dow Jones Enterprise Root CA Expi...
Certificate summary - Owner: *.edublogs.org, EssentialSSL Wildcard, Domain Control Validated Issuer:...