OpenSSL "req -new -reqexts" - Specify CSR V3 Extensions
How to specify x.509 v3 extensions options in the configuration file for generating CSR using the OpenSSL "req" command?
✍: FYIcenter.com
You can specify X.509 v3 extension options when using the OpenSSL "req -new" command
to generate a CSR (Certificate Signing Request). The provided X.509 extensions will be
included in the resulting CSR.
In order to use X.509 v3 extension options with the OpenSSL "req -new" command, you first need to write them in a named section in the configuration file. For example:
[my_req_ext]
basicConstraints = critical, CA:false
subjectKeyIdentifier = hash
keyUsage = cRLSign, keyCertSign
extendedKeyUsage = codeSigning, timeStamping
subjectAltName = email:john@fyicenter.com
Then you can provide this named section [my_req_ext] to the "req -new" command in two ways:
1. Using "req_extensions" option in the [req] section - You can set "req_extensions=my_req_ext" in the [req] section of the configuration file. For example:
[req]
default_bits = 1024
input_password = fyicenter
req_extensions = my_req_ext
[my_req_ext]
...
2. Using "-reqexts" option in the "req -new" command - For example, "req -new -reqexts my_req_ext" command will take x.509 v3 extensions from the [my_req_ext] section in the configuration file.
Note that you cannot use all X.509 v3 extensions when generating a CSR using the "req -new" command, because some of them cannot be supported in a CSR, like authorityKeyIdentifier and issuerAltName.
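A runnable check of both methods, added here as an example and not part of the original tutorial: it builds one CSR using req_extensions, one using -reqexts, and one where [my_req_ext] is defined but never referenced, then decodes each CSR to confirm which ones actually carry the extensions. The [my_dn] subject, file names, helper function names, the 2048-bit key size and keyUsage = digitalSignature are assumptions chosen for this example.

```shell
# Added example: subject, file names and key size are constructed; keyUsage is
# set to digitalSignature (assumption) so it is consistent with CA:false.

# write_cfg PATH [REQ_LINE]: write a config; REQ_LINE is an extra [req] line.
write_cfg() {
  cat > "$1" <<EOF
[req]
default_bits = 2048
prompt = no
distinguished_name = my_dn
$2
[my_dn]
CN = John Example
[my_req_ext]
basicConstraints = critical, CA:false
subjectKeyIdentifier = hash
keyUsage = digitalSignature
extendedKeyUsage = codeSigning, timeStamping
subjectAltName = email:john@fyicenter.com
EOF
}

# make_csr CFG OUT [ARGS...]: new unencrypted key (OUT.key) and CSR (OUT).
make_csr() {
  cfg=$1; out=$2; shift 2
  openssl req -new -config "$cfg" -newkey rsa:2048 -nodes \
    -keyout "$out.key" -out "$out" "$@" 2>/dev/null
}

# csr_has CSR TEXT: succeed if the decoded CSR contains TEXT.
csr_has() {
  openssl req -in "$1" -noout -text | grep -qF -- "$2"
}

# demo DIR: m1 = req_extensions in [req], m2 = -reqexts, none = unreferenced.
demo() {
  write_cfg "$1/m1.cnf" 'req_extensions = my_req_ext'
  write_cfg "$1/m2.cnf"
  make_csr "$1/m1.cnf" "$1/m1.csr" &&
  make_csr "$1/m2.cnf" "$1/m2.csr" -reqexts my_req_ext &&
  make_csr "$1/m2.cnf" "$1/none.csr"
}

if command -v openssl >/dev/null 2>&1; then
  d=$(mktemp -d) && demo "$d" && for c in m1 m2 none; do
    csr_has "$d/$c.csr" 'Code Signing' && echo "$c: extensions present" || echo "$c: no extensions"
  done
fi
```

The third CSR shows that defining the section alone has no effect: the extensions appear only when the section is named by req_extensions or -reqexts, so decode the CSR before submitting it.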
2016-10-25