OpenSSL "req -new -reqexts" - Test CSR V3 Extensions

Q

How to run OpenSSL "req -new" command to generate CSR with x.509 v3 extensions? I have req_extensions option defined in the configuration file.

✍: FYIcenter.com

A

If you want to run OpenSSL "req -new" command to generate CSR with x.509 v3 extensions, you can follow this example:

C:\Users\fyicenter>type test.cnf
# unnamed section of generic options
default_md = md5

# default section for "req" command options
[req]
default_bits       = 1024
input_password     = fyicenter
prompt             = yes
distinguished_name = my_req_dn_prompt
req_extensions     = my_req_ext 

# section for DN fields
[my_req_dn_prompt]
emailAddress         = Email
emailAddress_default = john@it.fyicenter.com

# section for x.509 v3 extension for CSR
[my_req_ext]
basicConstraints       = critical, CA:false
subjectKeyIdentifier   = hash
keyUsage               = cRLSign, keyCertSign
extendedKeyUsage       = codeSigning, timeStamping
subjectAltName         = email:john@fyicenter.com

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> req -new -key rsa_test.key -out test.csr -config test.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Email [john@it.fyicenter.com]:

OpenSSL> req -in test.csr -text -noout
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: emailAddress=john@it.fyicenter.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:c2:70:cd:16:29:62:cb:5d:70:5b:5f:45:bb:34:
                    d4:fb:dd:dd:c7:e3:68:3c:2f:8b:06:0a:71:20:bd:
                    ff:94:98:e4:33:51:f7:08:a2:86:6f:fd:08:51:9b:
                    06:28:8d:48:f3:0f:23:a3:67:bf:e7:b0:9d:a7:2d:
                    f8:85:2c:9b:be:4f:44:62:71:de:e6:0e:52:9b:e0:
                    37:a5:93:54:84:3c:58:87:c7:53:bd:6a:51:70:55:
                    93:dd:58:7d:73:7e:01:1b:19:f0:36:be:bc:b4:20:
                    7c:82:e1:ff:89:b6:83:e3:7a:5a:11:e7:27:e3:bf:
                    02:5f:5a:b7:25:a0:c7:58:5f
                Exponent: 65537 (0x10001)
        Attributes:
        Requested Extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                53:81:07:93:7F:60:94:B2:37:2C:B8:2B:8A:2B:5C:08:BC:7A:C8:9E
            X509v3 Key Usage:
                Certificate Sign, CRL Sign
            X509v3 Extended Key Usage:
                Code Signing, Time Stamping
            X509v3 Subject Alternative Name:
                email:john@fyicenter.com
    Signature Algorithm: md5WithRSAEncryption
         89:a9:ee:b1:c1:e4:96:51:a6:f7:f8:75:63:fd:51:5b:94:ad:
         c7:e5:63:6e:58:db:4e:ef:f2:fc:87:6f:fa:2e:66:32:bb:9f:
         ba:d6:50:d7:f7:dc:44:1b:da:2f:f8:e1:4f:47:b3:75:8e:a7:
         4a:10:a1:e2:ea:e8:f7:f4:99:73:f6:0f:a6:85:b1:8c:16:44:
         05:19:f7:8c:59:c5:fc:d8:cb:a3:f5:69:45:74:a2:66:a4:d3:
         0f:d3:0d:53:40:80:42:1c:3e:87:7d:99:e4:43:e0:22:9f:11:
         5b:e4:a2:9c:29:06:e9:bb:f0:01:33:c4:8c:2e:eb:6e:fc:6e:
         f6:c1

The output of the test confirms that x.509 v3 extensions are inserted correctly in the resulting CSR.

⇒ OpenSSL "req -x509 -extensions" - Specify Self-Signed Certificate V3 Extensions

⇐ OpenSSL "req -new -reqexts" - Specify CSR V3 Extensions

⇑ OpenSSL "req" Command

⇑⇑ OpenSSL Tutorials

2016-10-25, 2945🔥, 0💬

OpenSSL "req -new -reqexts" - Specify CSR V3 Extensions
How to specify x.509 v3 extensions options in the configuration file for generating CSR using the OpenSSL "req" command? You can use x.509 v3 extensions options when using OpenSSL "req -new" command to generate a CSR (Certificate Signing Request). The provided x509 extensions will be included in the... 2016-10-25, 12545🔥, 0💬

OpenSSL "req -new" - CSR Attributes
How to add attributes in new CSR using OpenSSL "req -new" command? I was asked to create a CSR with a challenge password an attribute. In order to add attributes to new CSR created by the OpenSSL "req -new" command, first you need to write attribute options in a named section in the configuration fi... 2016-09-23, 10895🔥, 0💬

OpenSSL "req" - X509 V3 Extensions Configuration Options
What are X509 V3 extensions options in the configuration file for the OpenSSL "req" command? X509 V3 extensions options in the configuration file allows you to add extension properties into x.509 v3 certificate when you use OpenSSL commands to generate CSR and self-signed certificates. X509 V3 exten... 2016-10-26, 10781🔥, 0💬

OpenSSL "req -x509 -extensions" - Specify Self-Signed Certificate V3 Extensions
How to specify x.509 v5 extensions options in the configuration file for generating self-signed certificate using the OpenSSL "req -x509" command? You can use x.509 v3 extensions options when using OpenSSL "req -x509" command to generate a self-signed certificate. The provided x509 extensions will b... 2016-10-25, 7079🔥, 0💬

OpenSSL "req" - Good Sample openssl.conf
Where can I get a good sample configuration file openssl.conf for OpenSSL "req" command? Below is a good sample configuration file openssl.conf for OpenSSL "req" command with explanations: C:\Users\fyicenter>type openssl.conf # Unnamed section of generic options # ... # ----------------------... 2016-09-23, 6455🔥, 0💬

OpenSSL "req -new" - DN Fields for Personal Certificates
How to use additional DN fields to create CSR for personal certificates? You can set additional DN fields in the configuration file to allow OpenSSL "req -new" command to generate CSR for personal certificates. Additional DN fields are: emailAddress, name, surname, givenName, initials and dnQualifie... 2016-10-27, 6337🔥, 0💬

OpenSSL "ca" Command
Where to find tutorials on using OpenSSL "ca" command? Here is a collection of tutorials on using OpenSSL "ca" command compiled by FYIcenter.com team. OpenSSL "ca" Command Options OpenSSL "ca" - Create CSR for Testing OpenSSL "ca" - Create CA Certificate for Testing OpenSSL "ca" Error "./demoCA/newc... 2016-09-23, 4673🔥, 0💬

OpenSSL "req -new" - Repeating DN Fields
Can I repeat a DN field multiple times in the configuration file for the OpenSSL "req -new" command? Yes, you can repeat a DN (Distinguished Name) field multiple times in the configuration file. This can be done by prefix the DN field name with "0.", "1.", and so on. For example. "0.emailAddress=Ema... 2016-10-27, 3179🔥, 0💬

OpenSSL "req -new -reqexts" - Test CSR V3 Extensions
How to run OpenSSL "req -new" command to generate CSR with x.509 v3 extensions? I have req_extensions option defined in the configuration file. If you want to run OpenSSL "req -new" command to generate CSR with x.509 v3 extensions, you can follow this example: C:\Users\fyicenter>type test.cnf... 2016-10-25, 2946🔥, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.