Collections:
Other Resources:
OpenSSL "req -x509 -extensions" - Specify Self-Signed Certificate V3 Extensions
How to specify x.509 v5 extensions options in the configuration file for generating self-signed certificate using the OpenSSL "req -x509" command?
✍: FYIcenter.com
You can use x.509 v3 extensions options when using OpenSSL "req -x509" command
to generate a self-signed certificate. The provided x509 extensions will be
included in the resulting self-signed certificate.
In order to user x.509 v3 extensions options for the OpenSSL "req -x509" command, first you need write them in a named section in the configuration file. For example:
[my_req_x509_ext] basicConstraints = critical, CA:true subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always, issuer:always keyUsage = cRLSign, keyCertSign extendedKeyUsage = codeSigning, timeStamping subjectAltName = DNS:ca.fyicenter.com, email:ca@fyicenter.com issuerAltName = issuer:copy
Then you can provided this named section [my_req_x509_ext] to the "req -x509" command in two ways:
1. Using "x509_extensions" option in the [req] section - You can set "x509_extensions=my_req_x509_ext" in the [req] section of the configuration file. For example:
[req] input_password = fyicenter x509_extensions = my_req_x509_ext ... [my_req_x509_ext] ...
2. Using "-extensions" option in the "req -x509" command - For example, "req -x509 -extensions my_req_x509_ext" command will take x.509 v3 extensions from the [my_req_x509_ext] section in the configuration file.
Note that you can use any of x.509 v3 extensions when generating self-signed certificates using the "req -x509" command. But some of them are useless in the case of self-signed certificates.
⇒ OpenSSL "req -x509 -extensions" - Test Self-Signed Certificate V3 Extensions
2016-10-25, 7798🔥, 0💬
Popular Posts:
Certificate summary - Owner: www.infusionsoft.com, Domain Control Validated Issuer: SERIALNUMBER=079...
Certificate summary - Owner: ssl8540.cloudflare.com, "CloudFlare, Inc.", L=San Francisco, ST=CA, US ...
Certificate Summary: Subject: *.javhd.com Issuer: COMODO RSA Domain Validation Secure Server CA Expi...
Certificate Summary: Subject: www.java.com Issuer: Symantec Class 3 EV SSL CA - G3 Expiration: 2017-...
How to start "certmgr.msc" Management Console on Windows computer? I want to use it manage certifica...