Collections:
Other Resources:
OpenSSL "req -x509 -extensions" - Specify Self-Signed Certificate V3 Extensions
How to specify x.509 v5 extensions options in the configuration file for generating self-signed certificate using the OpenSSL "req -x509" command?
✍: FYIcenter.com
You can use x.509 v3 extensions options when using OpenSSL "req -x509" command to generate a self-signed certificate. The provided x509 extensions will be included in the resulting self-signed certificate.
In order to user x.509 v3 extensions options for the OpenSSL "req -x509" command, first you need write them in a named section in the configuration file. For example:
[my_req_x509_ext] basicConstraints = critical, CA:true subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always, issuer:always keyUsage = cRLSign, keyCertSign extendedKeyUsage = codeSigning, timeStamping subjectAltName = DNS:ca.fyicenter.com, email:ca@fyicenter.com issuerAltName = issuer:copy
Then you can provided this named section [my_req_x509_ext] to the "req -x509" command in two ways:
1. Using "x509_extensions" option in the [req] section - You can set "x509_extensions=my_req_x509_ext" in the [req] section of the configuration file. For example:
[req] input_password = fyicenter x509_extensions = my_req_x509_ext ... [my_req_x509_ext] ...
2. Using "-extensions" option in the "req -x509" command - For example, "req -x509 -extensions my_req_x509_ext" command will take x.509 v3 extensions from the [my_req_x509_ext] section in the configuration file.
Note that you can use any of x.509 v3 extensions when generating self-signed certificates using the "req -x509" command. But some of them are useless in the case of self-signed certificates.
⇒ OpenSSL "req -x509 -extensions" - Test Self-Signed Certificate V3 Extensions
2016-10-25, 7535🔥, 0💬
Popular Posts:
What options are supported by the "keytool -printcertreq" command? Java Keytool can be used to print...
Where to find tutorials on managing certificate in Internet Explorer (IE)? I want to learn how IE st...
Certificate summary - Owner: *.b.ssl.fastly.net, "Fastly, Inc.", L=San Francisco, ST=California, US ...
How to use the "keytool -genkeypair" command? I want to generate a pair of public key and private ke...
Certificate summary - Owner: www.ftc.gov, FEDERAL TRADE COMMISSION, L=Washington, ST=District Of Col...