Collections:
Other Resources:
OpenSSL "req -x509 -extensions" - Test Self-Signed Certificate V3 Extensions
How to run OpenSSL "req -509" command to generate self-signed certificate with x.509 v3 extensions? I have x509_extensions option defined in the configuration file.
✍: FYIcenter.com
If you want to run OpenSSL "req -509" command to generate self-signed certificate with x.509 v3 extensions, you can follow this example:
C:\Users\fyicenter>type test.cnf # unnamed section of generic options default_md = md5 # default section for "req" command options [req] input_password = fyicenter x509_extensions = my_req_x509_ext # section for "req -x509" command options [my_req_x509_ext] basicConstraints = critical, CA:true subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always, issuer:always keyUsage = cRLSign, keyCertSign extendedKeyUsage = codeSigning, timeStamping subjectAltName = DNS:ca.fyicenter.com, email:ca@fyicenter.com issuerAltName = issuer:copy C:\Users\fyicenter>\local\openssl\openssl.exe OpenSSL> req -x509 -in rsa_test.csr -key rsa_test.key -out test.crt -config test.cnf OpenSSL> x509 -in test.crt -text -noout Certificate: ... X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 99:FB:5B:B6:BE:B4:E2:2B:4D:46:75:3F:0E:5E:52:36:F1:0E:A4:DB X509v3 Authority Key Identifier: keyid:99:FB:5B:B6:BE:B4:E2:2B:4D:46:75:3F:0E:5E:52:36:F1:0E:A4:DB DirName:/C=us/ST=NY/L=New York/O=Donald Inc./OU=IT/CN=www.donald.inc /emailAddress=john@donald.inc serial:9F:9C:32:31:B4:3D:B8:56 X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Extended Key Usage: Code Signing, Time Stamping X509v3 Subject Alternative Name: DNS:ca.fyicenter.com, email:ca@fyicenter.com X509v3 Issuer Alternative Name: DNS:ca.fyicenter.com, email:ca@fyicenter.com Signature Algorithm: md5WithRSAEncryption 20:87:f1:2f:fa:95:38:56:8e:b3:cd:0f:08:74:bc:4a:61:06: 01:a9:35:17:80:61:d9:91:80:23:bb:ec:9e:a5:fb:8b:e9:e9: 0d:ab:c3:d9:0a:c7:0e:35:d7:58:00:07:ad:00:d0:4f:85:1a: 58:ce:9a:f9:1c:75:ba:41:89:69
As you can see from the output, x.509 v3 extensions are added to the self-signed certificate correctly.
⇒ OpenSSL "req -new" - CSR Attributes
⇐ OpenSSL "req -x509 -extensions" - Specify Self-Signed Certificate V3 Extensions
2016-09-23, 2932🔥, 0💬
Popular Posts:
Certificate Summary: Subject: Security Communication RootCA2 Issuer: Security Communication RootCA2 ...
Certificate Summary: Subject: Internet Widgits Pty Ltd Issuer: Internet Widgits Pty Ltd Expiration: ...
How to generate a new DH key pair with a longer key size using OpenSSL "genpkey" command? If you nee...
What is the purpose of the OpenSSL "rsautl -sign" command? Can I use it to sign a document? Yes, you...
Certificate summary - Owner: www.match.com, "MATCH.COM, L.L.C.", "MATCH.COM, L.L.C.", STREET=8300 Do...