Collections:
Other Resources:
OpenSSL "req -new -reqexts" - Specify CSR V3 Extensions
How to specify x.509 v3 extensions options in the configuration file for generating CSR using the OpenSSL "req" command?
✍: FYIcenter.com
You can use x.509 v3 extensions options when using OpenSSL "req -new" command
to generate a CSR (Certificate Signing Request). The provided x509 extensions will be
included in the resulting CSR.
In order to user x.509 v3 extensions options for the OpenSSL "req -new" command, first you need write them in a named section in the configuration file. For example:
[my_req_ext] basicConstraints = critical, CA:false subjectKeyIdentifier = hash keyUsage = cRLSign, keyCertSign extendedKeyUsage = codeSigning, timeStamping subjectAltName = email:john@fyicenter.com
Then you can provided this named section [my_req_ext] to the "req -new" command in two ways:
1. Using "req_extensions" option in the [req] section - You can set "req_extensions=my_req_ext" in the [req] section of the configuration file. For example:
[req] default_bits = 1024 input_password = fyicenter req_extensions = my_req_ext [my_req_ext] ...
2. Using "-reqexts" option in the "req -new" command - For example, "req -new -reqexts my_req_ext" command will take x.509 v3 extensions from the [my_req_ext] section in the configuration file.
Note that you can not use all x.509 v3 extensions when generating s CSR using the "req -new" command, because some of them can not be supported in CSR, like authorityKeyIdentifier and issuerAltName.
⇒ OpenSSL "req -new -reqexts" - Test CSR V3 Extensions
2016-10-25, ≈14🔥, 0💬
Popular Posts:
How to create a new system certificate store using the "makecert.exe" command? Yes, "makecert.exe" c...
Certificate summary - Owner: Thawte DV SSL CA, Domain Validated SSL, "Thawte, Inc.", US Issuer: thaw...
What certificates are included in the OpenJDK 11 default trusted certificate keystore file: "cacerts...
Certificate Summary: Subject: Microsoft Azure TLS Issuing CA 06 Issuer: DigiCert Global Root G2 Expi...
How to generate a new private key with a public key and generate a self-signed certificate using a s...