OpenSSL "req -x509 -extensions" - Test Self-Signed Certificate V3 Extensions
How to run the OpenSSL "req -x509" command to generate a self-signed certificate with X.509 v3 extensions? I have the x509_extensions option defined in the configuration file.
✍: FYIcenter.com
If you want to run the OpenSSL "req -x509" command to generate a self-signed certificate with X.509 v3 extensions,
you can follow this example:
    C:\Users\fyicenter>type test.cnf
    # unnamed section of generic options
    default_md = md5

    # default section for "req" command options
    [req]
    input_password = fyicenter
    x509_extensions = my_req_x509_ext

    # section for "req -x509" command options
    [my_req_x509_ext]
    basicConstraints = critical, CA:true
    subjectKeyIdentifier = hash
    authorityKeyIdentifier = keyid:always, issuer:always
    keyUsage = cRLSign, keyCertSign
    extendedKeyUsage = codeSigning, timeStamping
    subjectAltName = DNS:ca.fyicenter.com, email:ca@fyicenter.com
    issuerAltName = issuer:copy

    C:\Users\fyicenter>\local\openssl\openssl.exe

    OpenSSL> req -x509 -in rsa_test.csr -key rsa_test.key -out test.crt -config test.cnf

    OpenSSL> x509 -in test.crt -text -noout
    Certificate:
    ...
            X509v3 extensions:
                X509v3 Basic Constraints: critical
                    CA:TRUE
                X509v3 Subject Key Identifier:
                    99:FB:5B:B6:BE:B4:E2:2B:4D:46:75:3F:0E:5E:52:36:F1:0E:A4:DB
                X509v3 Authority Key Identifier:
                    keyid:99:FB:5B:B6:BE:B4:E2:2B:4D:46:75:3F:0E:5E:52:36:F1:0E:A4:DB
                    DirName:/C=us/ST=NY/L=New York/O=Donald Inc./OU=IT/CN=www.donald.inc
                       /emailAddress=john@donald.inc
                    serial:9F:9C:32:31:B4:3D:B8:56
                X509v3 Key Usage:
                    Certificate Sign, CRL Sign
                X509v3 Extended Key Usage:
                    Code Signing, Time Stamping
                X509v3 Subject Alternative Name:
                    DNS:ca.fyicenter.com, email:ca@fyicenter.com
                X509v3 Issuer Alternative Name:
                    DNS:ca.fyicenter.com, email:ca@fyicenter.com
        Signature Algorithm: md5WithRSAEncryption
             20:87:f1:2f:fa:95:38:56:8e:b3:cd:0f:08:74:bc:4a:61:06:
             01:a9:35:17:80:61:d9:91:80:23:bb:ec:9e:a5:fb:8b:e9:e9:
             0d:ab:c3:d9:0a:c7:0e:35:d7:58:00:07:ad:00:d0:4f:85:1a:
             58:ce:9a:f9:1c:75:ba:41:89:69
As you can see from the output, the X.509 v3 extensions defined in the [my_req_x509_ext] section are added to the self-signed certificate correctly.
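One way to automate the check made by eye above, as an added example that is not part of the original page: it parses `x509 -text -noout` output, confirms that every extension requested in [my_req_x509_ext] is present and that basicConstraints is critical, and flags the MD5 signature digest that `default_md = md5` produces (MD5 is collision-broken; a SHA-2 digest such as sha256 is the usual replacement). The function names, the HEADINGS mapping and the shortened sample are assumptions made for this example.

```python
import re
# Constructed sample: the extension block of the x509 -text output shown above
# (key identifiers shortened, DirName/serial lines and signature bytes omitted).
SAMPLE = """\
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                99:FB:5B:B6
            X509v3 Authority Key Identifier:
                keyid:99:FB:5B:B6
            X509v3 Key Usage:
                Certificate Sign, CRL Sign
            X509v3 Extended Key Usage:
                Code Signing, Time Stamping
            X509v3 Subject Alternative Name:
                DNS:ca.fyicenter.com, email:ca@fyicenter.com
            X509v3 Issuer Alternative Name:
                DNS:ca.fyicenter.com, email:ca@fyicenter.com
    Signature Algorithm: md5WithRSAEncryption
"""
# test.cnf extension key -> heading printed by "openssl x509 -text"
HEADINGS = {"basicConstraints": "Basic Constraints",
            "subjectKeyIdentifier": "Subject Key Identifier",
            "authorityKeyIdentifier": "Authority Key Identifier",
            "keyUsage": "Key Usage", "extendedKeyUsage": "Extended Key Usage",
            "subjectAltName": "Subject Alternative Name",
            "issuerAltName": "Issuer Alternative Name"}

def parse_extensions(text):
    """Return {heading: is_critical} for each X509v3 extension in the output."""
    body = text.split("X509v3 extensions:", 1)[-1]
    found = re.findall(r"^[ \t]*X509v3 (.+?):[ \t]*(critical)?[ \t]*$", body, re.M)
    return {name: bool(crit) for name, crit in found}

def audit(text, cnf_keys=tuple(HEADINGS), weak=("md5", "sha1")):
    """List findings: requested extensions missing from the cert, weak digest."""
    exts = parse_extensions(text)
    findings = [f"missing extension: {k}" for k in cnf_keys if HEADINGS[k] not in exts]
    if "Basic Constraints" in exts and not exts["Basic Constraints"]:
        findings.append("basicConstraints is not critical")
    # The last "Signature Algorithm" line is the one covering the whole certificate.
    algs = re.findall(r"Signature Algorithm:\s*(\S+)", text)
    if algs and any(w in algs[-1].lower() for w in weak):
        findings.append(f"weak signature digest: {algs[-1]}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To check a real certificate, pass the text printed by `x509 -in test.crt -text -noout` to `audit()` instead of the sample.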
2016-09-23