Collections:
Other Resources:
OpenSSL "req -new -reqexts" - Test CSR V3 Extensions
How to run OpenSSL "req -new" command to generate CSR with x.509 v3 extensions? I have req_extensions option defined in the configuration file.
✍: FYIcenter.com
If you want to run OpenSSL "req -new" command to generate CSR with x.509 v3 extensions, you can follow this example:
C:\Users\fyicenter>type test.cnf # unnamed section of generic options default_md = md5 # default section for "req" command options [req] default_bits = 1024 input_password = fyicenter prompt = yes distinguished_name = my_req_dn_prompt req_extensions = my_req_ext # section for DN fields [my_req_dn_prompt] emailAddress = Email emailAddress_default = john@it.fyicenter.com # section for x.509 v3 extension for CSR [my_req_ext] basicConstraints = critical, CA:false subjectKeyIdentifier = hash keyUsage = cRLSign, keyCertSign extendedKeyUsage = codeSigning, timeStamping subjectAltName = email:john@fyicenter.com C:\Users\fyicenter>\local\openssl\openssl.exe OpenSSL> req -new -key rsa_test.key -out test.csr -config test.cnf You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Email [john@it.fyicenter.com]: OpenSSL> req -in test.csr -text -noout Certificate Request: Data: Version: 0 (0x0) Subject: emailAddress=john@it.fyicenter.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: 00:c2:70:cd:16:29:62:cb:5d:70:5b:5f:45:bb:34: d4:fb:dd:dd:c7:e3:68:3c:2f:8b:06:0a:71:20:bd: ff:94:98:e4:33:51:f7:08:a2:86:6f:fd:08:51:9b: 06:28:8d:48:f3:0f:23:a3:67:bf:e7:b0:9d:a7:2d: f8:85:2c:9b:be:4f:44:62:71:de:e6:0e:52:9b:e0: 37:a5:93:54:84:3c:58:87:c7:53:bd:6a:51:70:55: 93:dd:58:7d:73:7e:01:1b:19:f0:36:be:bc:b4:20: 7c:82:e1:ff:89:b6:83:e3:7a:5a:11:e7:27:e3:bf: 02:5f:5a:b7:25:a0:c7:58:5f Exponent: 65537 (0x10001) Attributes: Requested Extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 53:81:07:93:7F:60:94:B2:37:2C:B8:2B:8A:2B:5C:08:BC:7A:C8:9E X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Extended Key Usage: Code Signing, Time Stamping X509v3 Subject Alternative Name: email:john@fyicenter.com Signature Algorithm: md5WithRSAEncryption 89:a9:ee:b1:c1:e4:96:51:a6:f7:f8:75:63:fd:51:5b:94:ad: c7:e5:63:6e:58:db:4e:ef:f2:fc:87:6f:fa:2e:66:32:bb:9f: ba:d6:50:d7:f7:dc:44:1b:da:2f:f8:e1:4f:47:b3:75:8e:a7: 4a:10:a1:e2:ea:e8:f7:f4:99:73:f6:0f:a6:85:b1:8c:16:44: 05:19:f7:8c:59:c5:fc:d8:cb:a3:f5:69:45:74:a2:66:a4:d3: 0f:d3:0d:53:40:80:42:1c:3e:87:7d:99:e4:43:e0:22:9f:11: 5b:e4:a2:9c:29:06:e9:bb:f0:01:33:c4:8c:2e:eb:6e:fc:6e: f6:c1
The output of the test confirms that x.509 v3 extensions are inserted correctly in the resulting CSR.
⇒ OpenSSL "req -x509 -extensions" - Specify Self-Signed Certificate V3 Extensions
2016-10-25, 3157🔥, 0💬
Popular Posts:
Certificate Summary: Subject: www.yahoo.com Issuer: Equifax Secure Certificate Authority Expiration:...
Where to click to get more Web site information in IE? I want to know if the page I am reading is se...
How to connect to a HTTPS Web site using OpenSSL? I see the Web sites using the "https:\" format. If...
Certificate summary - Owner: www.fedex.com, EIS-WSAS, FedEx Corporation, STREET=942 S Shady Grove Rd...
Where to find tutorials on using OpenSSL "genpkey" and "pkey" commands for RSA private keys? Here is...