Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (83)
EC Keys (2389)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (6526)
Revoked Certificates (16)
Root CA (85)
RSA Keys (5267)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
OpenSSL "req -x509 -extensions" - Specify Self-Signed Certificate V3 Extensions
How to specify x.509 v5 extensions options in the configuration file for generating self-signed certificate using the OpenSSL "req -x509" command?
✍: FYIcenter.com
You can use x.509 v3 extensions options when using OpenSSL "req -x509" command to generate a self-signed certificate. The provided x509 extensions will be included in the resulting self-signed certificate.
In order to user x.509 v3 extensions options for the OpenSSL "req -x509" command, first you need write them in a named section in the configuration file. For example:
[my_req_x509_ext] basicConstraints = critical, CA:true subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always, issuer:always keyUsage = cRLSign, keyCertSign extendedKeyUsage = codeSigning, timeStamping subjectAltName = DNS:ca.fyicenter.com, email:ca@fyicenter.com issuerAltName = issuer:copy
Then you can provided this named section [my_req_x509_ext] to the "req -x509" command in two ways:
1. Using "x509_extensions" option in the [req] section - You can set "x509_extensions=my_req_x509_ext" in the [req] section of the configuration file. For example:
[req] input_password = fyicenter x509_extensions = my_req_x509_ext ... [my_req_x509_ext] ...
2. Using "-extensions" option in the "req -x509" command - For example, "req -x509 -extensions my_req_x509_ext" command will take x.509 v3 extensions from the [my_req_x509_ext] section in the configuration file.
Note that you can use any of x.509 v3 extensions when generating self-signed certificates using the "req -x509" command. But some of them are useless in the case of self-signed certificates.
⇒ OpenSSL "req -x509 -extensions" - Test Self-Signed Certificate V3 Extensions
2016-10-25, 7040👍, 0💬
Popular Posts:
Certificate summary - Owner: GlobalSign, GlobalSign, GlobalSign Root CA - R2 Issuer: GlobalSign Root...
Certificate summary - Owner: www.ups.com, Comodo EV SAN SSL, Transaction Services J2EE, "United Parc...
Certificate summary - Owner: www.paypal.com, Hosting Support, "PayPal, Inc.", STREET=2211 N 1st St, ...
Why I am getting the "error while loading CRL number" error when running OpenSSL "ca -gencrl" comman...
Certificate summary - Owner: *.secure.pixiv.net, pixiv Inc., Development Department, L=Shibuya-ku, S...