OpenSSL "req -new -reqexts" - Test CSR V3 Extensions
How do I run the OpenSSL "req -new" command to generate a CSR with X.509 v3 extensions? I have the req_extensions option defined in the configuration file.
✍: FYIcenter.com
If you want to run the OpenSSL "req -new" command to generate a CSR with X.509 v3 extensions, you can follow this example:
    C:\Users\fyicenter>type test.cnf
    # unnamed section of generic options
    default_md = md5

    # default section for "req" command options
    [req]
    default_bits = 1024
    input_password = fyicenter
    prompt = yes
    distinguished_name = my_req_dn_prompt
    req_extensions = my_req_ext

    # section for DN fields
    [my_req_dn_prompt]
    emailAddress = Email
    emailAddress_default = john@it.fyicenter.com

    # section for x.509 v3 extension for CSR
    [my_req_ext]
    basicConstraints = critical, CA:false
    subjectKeyIdentifier = hash
    keyUsage = cRLSign, keyCertSign
    extendedKeyUsage = codeSigning, timeStamping
    subjectAltName = email:john@fyicenter.com

    C:\Users\fyicenter>\local\openssl\openssl.exe
    OpenSSL> req -new -key rsa_test.key -out test.csr -config test.cnf
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Email [john@it.fyicenter.com]:

    OpenSSL> req -in test.csr -text -noout
    Certificate Request:
        Data:
            Version: 0 (0x0)
            Subject: emailAddress=john@it.fyicenter.com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (1024 bit)
                    Modulus:
                        00:c2:70:cd:16:29:62:cb:5d:70:5b:5f:45:bb:34:
                        d4:fb:dd:dd:c7:e3:68:3c:2f:8b:06:0a:71:20:bd:
                        ff:94:98:e4:33:51:f7:08:a2:86:6f:fd:08:51:9b:
                        06:28:8d:48:f3:0f:23:a3:67:bf:e7:b0:9d:a7:2d:
                        f8:85:2c:9b:be:4f:44:62:71:de:e6:0e:52:9b:e0:
                        37:a5:93:54:84:3c:58:87:c7:53:bd:6a:51:70:55:
                        93:dd:58:7d:73:7e:01:1b:19:f0:36:be:bc:b4:20:
                        7c:82:e1:ff:89:b6:83:e3:7a:5a:11:e7:27:e3:bf:
                        02:5f:5a:b7:25:a0:c7:58:5f
                    Exponent: 65537 (0x10001)
            Attributes:
            Requested Extensions:
                X509v3 Basic Constraints: critical
                    CA:FALSE
                X509v3 Subject Key Identifier:
                    53:81:07:93:7F:60:94:B2:37:2C:B8:2B:8A:2B:5C:08:BC:7A:C8:9E
                X509v3 Key Usage:
                    Certificate Sign, CRL Sign
                X509v3 Extended Key Usage:
                    Code Signing, Time Stamping
                X509v3 Subject Alternative Name:
                    email:john@fyicenter.com
        Signature Algorithm: md5WithRSAEncryption
             89:a9:ee:b1:c1:e4:96:51:a6:f7:f8:75:63:fd:51:5b:94:ad:
             c7:e5:63:6e:58:db:4e:ef:f2:fc:87:6f:fa:2e:66:32:bb:9f:
             ba:d6:50:d7:f7:dc:44:1b:da:2f:f8:e1:4f:47:b3:75:8e:a7:
             4a:10:a1:e2:ea:e8:f7:f4:99:73:f6:0f:a6:85:b1:8c:16:44:
             05:19:f7:8c:59:c5:fc:d8:cb:a3:f5:69:45:74:a2:66:a4:d3:
             0f:d3:0d:53:40:80:42:1c:3e:87:7d:99:e4:43:e0:22:9f:11:
             5b:e4:a2:9c:29:06:e9:bb:f0:01:33:c4:8c:2e:eb:6e:fc:6e:
             f6:c1
The output of the test confirms that the X.509 v3 extensions defined in the [my_req_ext] section are inserted correctly in the resulting CSR, where they appear under "Requested Extensions".
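A lint that a reviewer or CA front end could run over a "req -text -noout" dump like the one above, given here as an added example (not FYIcenter's code): it flags the 1024-bit RSA key, the MD5 signature, and the keyCertSign request alongside CA:FALSE, a combination RFC 5280 does not allow in an issued certificate. The function names, the 2048-bit floor and the abridged sample text are assumptions of this example.

```python
import re

# Constructed sample: the page's "req -text -noout" dump, abridged (hex bytes omitted).
SAMPLE = """\
Certificate Request:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
        Requested Extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage:
                Certificate Sign, CRL Sign
            X509v3 Extended Key Usage:
                Code Signing, Time Stamping
    Signature Algorithm: md5WithRSAEncryption
"""
WEAK_DIGESTS = ("md2", "md4", "md5", "sha1")
MIN_RSA_BITS = 2048  # assumed policy floor, not a value from the page

def requested_extensions(text):
    """Map each 'X509v3 <name>:' header to its critical flag and value list."""
    exts, cur, depth = {}, None, 0
    for line in text.splitlines():
        indent = len(line) - len(line.lstrip())
        m = re.match(r"\s*X509v3 ([^:]+):\s*(critical)?\s*$", line)
        if m:
            cur, depth = m.group(1), indent
            exts[cur] = {"critical": bool(m.group(2)), "values": []}
        elif cur and indent > depth:  # value lines sit deeper than the header
            exts[cur]["values"] += [v.strip() for v in line.split(",") if v.strip()]
        else:
            cur = None
    return exts

def lint_csr(text):
    """Return policy findings for one CSR text dump (empty list means clean)."""
    findings = []
    alg = re.search(r"Public Key Algorithm: (\S+)", text)
    bits = re.search(r"Public-Key: \((\d+) bit\)", text)
    if alg and bits and alg.group(1) == "rsaEncryption" and int(bits.group(1)) < MIN_RSA_BITS:
        findings.append("weak-key: RSA %s bit" % bits.group(1))
    sig = re.search(r"Signature Algorithm: (\S+)", text)
    if sig and any(d in sig.group(1).lower() for d in WEAK_DIGESTS):
        findings.append("weak-digest: " + sig.group(1))
    exts = requested_extensions(text)
    bc = exts.get("Basic Constraints", {}).get("values", [])
    ku = exts.get("Key Usage", {}).get("values", [])
    if "CA:FALSE" in bc and "Certificate Sign" in ku:  # RFC 5280 section 4.2.1.3
        findings.append("conflict: keyCertSign requested with CA:FALSE")
    return findings
```

The extensions in a CSR are only a request: the issuing CA decides what goes into the certificate, so a check like this belongs on the signing side as well as with the requester.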
2016-10-25