Collections:
Other Resources:
OpenSSL "ca" - Sign the CSR Again
How to sign the a CSR again the OpenSSL "ca" command? It was signed for 1 year the first time. But the requester wants the certificate to valid for 3 years.
✍: FYIcenter.com
If you sign a CSR incorrectly and want to sign it again with the OpenSSL "ca" command,
you need to revoke the certificate, then sign it again correctly.
The following test shows you how to sign a CSR again after revoke the certificate from the first signing:
C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe OpenSSL> ca -in test.csr -keyfile my_ca.key -cert my_ca.crt -out test.crt -policy policy_anything Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg Enter pass phrase for my_ca.key:fyicenter Check that the request matches the signature Signature ok Certificate Details: Serial Number: 4098 (0x1002) ... Certificate is to be certified until Jul 31 23:40:49 2017 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated OpenSSL> ca -revoke test.crt -keyfile my_ca.key -cert my_ca.crt Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg Enter pass phrase for my_ca.key:fyicenter Revoking Certificate 1002. Data Base Updated OpenSSL> ca -in test.csr -keyfile my_ca.key -cert my_ca.crt -out test.crt -policy policy_anything -days 730 Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg Enter pass phrase for my_ca.key:fyicenter Check that the request matches the signature Signature ok Certificate Details: Serial Number: 4099 (0x1003) ... Certificate is to be certified until Jul 31 23:45:22 2018 GMT (730 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated OpenSSL> exit C:\Users\fyicenter>type demoCA\index.txt ... R 170901014049Z 160901014346Z 1002 unknown /C=US/ST=NY/L=NY /O=FYIcenter.com/CN=www.fyicenter.com/emailAddress=joe@fyicenter.com V 180901014522Z 1003 unknown /C=US/ST=NY/L=NY /O=FYIcenter.com/CN=www.fyicenter.com/emailAddress=joe@fyicenter.com
⇒ OpenSSL "ca" - "error while loading CRL number"
2016-09-10, 2777🔥, 0💬
Popular Posts:
How to view certificate details, like who is the subject and who is the issuer, with getacert.com? V...
Certificate summary - Owner: *.blogger.com, Google Inc, L=Mountain View, ST=California, US Issuer: G...
Certificate Summary: Subject: CLI-Login Issuer: CLI-Login Expiration: 2018-12-06 14:05:46 UTC Key Id...
Certificate summary - Owner: web1.plala.or.jp, Network Engineering Dpt., NTT Plala Inc., L=Toshima-k...
Certificate summary - Owner: *.outbrain.com, Operations, Outbrain Inc., L=New York, ST=New York, US ...