OpenSSL "req -x509 -extensions" - Test Self-Signed Certificate V3 Extensions
How do I run the OpenSSL "req -x509" command to generate a self-signed certificate with X.509 v3 extensions? I have the x509_extensions option defined in the configuration file.
✍: FYIcenter.com
If you want to run the OpenSSL "req -x509" command to generate a self-signed certificate with X.509 v3 extensions,
you can follow this example:
C:\Users\fyicenter>type test.cnf
# unnamed section of generic options
default_md = md5

# default section for "req" command options
[req]
input_password = fyicenter
x509_extensions = my_req_x509_ext

# section for "req -x509" command options
[my_req_x509_ext]
basicConstraints = critical, CA:true
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
keyUsage = cRLSign, keyCertSign
extendedKeyUsage = codeSigning, timeStamping
subjectAltName = DNS:ca.fyicenter.com, email:ca@fyicenter.com
issuerAltName = issuer:copy

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> req -x509 -in rsa_test.csr -key rsa_test.key -out test.crt -config test.cnf

OpenSSL> x509 -in test.crt -text -noout
Certificate:
    ...
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                99:FB:5B:B6:BE:B4:E2:2B:4D:46:75:3F:0E:5E:52:36:F1:0E:A4:DB
            X509v3 Authority Key Identifier:
                keyid:99:FB:5B:B6:BE:B4:E2:2B:4D:46:75:3F:0E:5E:52:36:F1:0E:A4:DB
                DirName:/C=us/ST=NY/L=New York/O=Donald Inc./OU=IT/CN=www.donald.inc
                    /emailAddress=john@donald.inc
                serial:9F:9C:32:31:B4:3D:B8:56
            X509v3 Key Usage:
                Certificate Sign, CRL Sign
            X509v3 Extended Key Usage:
                Code Signing, Time Stamping
            X509v3 Subject Alternative Name:
                DNS:ca.fyicenter.com, email:ca@fyicenter.com
            X509v3 Issuer Alternative Name:
                DNS:ca.fyicenter.com, email:ca@fyicenter.com
    Signature Algorithm: md5WithRSAEncryption
         20:87:f1:2f:fa:95:38:56:8e:b3:cd:0f:08:74:bc:4a:61:06:
         01:a9:35:17:80:61:d9:91:80:23:bb:ec:9e:a5:fb:8b:e9:e9:
         0d:ab:c3:d9:0a:c7:0e:35:d7:58:00:07:ad:00:d0:4f:85:1a:
         58:ce:9a:f9:1c:75:ba:41:89:69
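As you can see from the output, the X.509 v3 extensions are added to the self-signed certificate correctly. The Signature Algorithm line shows md5WithRSAEncryption because test.cnf sets default_md = md5; MD5 is not collision-resistant, so set default_md = sha256 for any certificate used outside a test.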
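As an added example (not part of the original FYIcenter page), the Python sketch below parses "x509 -text -noout" output like the listing above and reports what a reviewer would check on a certificate meant to act as a CA: basicConstraints, keyUsage and the signature digest. The function names and the trimmed SAMPLE text are assumptions made for this example.

```python
import re

# Constructed sample: the "x509 -text -noout" output shown above, trimmed
# to the lines this check reads (key identifiers and signature bytes omitted).
SAMPLE = """\
Certificate:
    ...
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage:
                Certificate Sign, CRL Sign
            X509v3 Extended Key Usage:
                Code Signing, Time Stamping
    Signature Algorithm: md5WithRSAEncryption
"""

def parse_extensions(text):
    """Return {extension name: {"critical": bool, "value": str}}."""
    exts, current, in_block = {}, None, False
    for line in text.splitlines():
        s = line.strip()
        if s == "X509v3 extensions:":
            in_block = True
        elif in_block and s.startswith("Signature Algorithm:"):
            break  # the extensions block ends where the signature starts
        elif in_block and (m := re.fullmatch(r"X509v3 (.+?):( critical)?", s)):
            current = m.group(1)
            exts[current] = {"critical": bool(m.group(2)), "value": ""}
        elif in_block and current and s:
            exts[current]["value"] = (exts[current]["value"] + " " + s).strip()
    return exts

def audit(text):
    """Return a list of findings for a certificate meant to act as a CA."""
    exts, findings = parse_extensions(text), []
    bc = exts.get("Basic Constraints")
    if not bc or "CA:TRUE" not in bc["value"]:
        findings.append("basicConstraints does not assert CA:TRUE")
    elif not bc["critical"]:
        findings.append("basicConstraints is not marked critical")
    ku = exts.get("Key Usage", {"value": ""})["value"]
    if "Certificate Sign" not in ku:
        findings.append("keyUsage lacks keyCertSign")
    sig = re.search(r"Signature Algorithm: (\S+)", text)
    if sig and re.search(r"md[245]|sha1(?!\d)", sig.group(1), re.I):
        findings.append(f"weak signature digest: {sig.group(1)}")
    return findings
```

Run against the certificate generated above, audit() returns only the weak-digest finding; regenerating the certificate with default_md = sha256 clears it.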
2016-09-23