Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (70)
EC Keys (870)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (3114)
Revoked Certificates (16)
Root CA (85)
RSA Keys (2509)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
OpenSSL "ca" - Sign the CSR Again
How to sign the a CSR again the OpenSSL "ca" command? It was signed for 1 year the first time. But the requester wants the certificate to valid for 3 years.
✍: FYIcenter.com
If you sign a CSR incorrectly and want to sign it again with the OpenSSL "ca" command,
you need to revoke the certificate, then sign it again correctly.
The following test shows you how to sign a CSR again after revoke the certificate from the first signing:
C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe OpenSSL> ca -in test.csr -keyfile my_ca.key -cert my_ca.crt -out test.crt -policy policy_anything Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg Enter pass phrase for my_ca.key:fyicenter Check that the request matches the signature Signature ok Certificate Details: Serial Number: 4098 (0x1002) ... Certificate is to be certified until Jul 31 23:40:49 2017 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated OpenSSL> ca -revoke test.crt -keyfile my_ca.key -cert my_ca.crt Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg Enter pass phrase for my_ca.key:fyicenter Revoking Certificate 1002. Data Base Updated OpenSSL> ca -in test.csr -keyfile my_ca.key -cert my_ca.crt -out test.crt -policy policy_anything -days 730 Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg Enter pass phrase for my_ca.key:fyicenter Check that the request matches the signature Signature ok Certificate Details: Serial Number: 4099 (0x1003) ... Certificate is to be certified until Jul 31 23:45:22 2018 GMT (730 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated OpenSSL> exit C:\Users\fyicenter>type demoCA\index.txt ... R 170901014049Z 160901014346Z 1002 unknown /C=US/ST=NY/L=NY /O=FYIcenter.com/CN=www.fyicenter.com/emailAddress=joe@fyicenter.com V 180901014522Z 1003 unknown /C=US/ST=NY/L=NY /O=FYIcenter.com/CN=www.fyicenter.com/emailAddress=joe@fyicenter.com
⇒ OpenSSL "ca" - "error while loading CRL number"
2016-09-10, 1872👍, 0💬
Popular Posts:
How to find the OCSP server URL of certificate's CA? I want to check the status of a certificate usi...
Certificate summary - Owner: WebSpace-Forum Server CA, "WebSpace-Forum, Thomas Wendt", DE Issuer: UT...
Certificate summary - Owner: EMAILADDRESS=eDell_Produ ction_Management@dell.co m,www.dell.com (Prod),...
How to export my private key from the system certificate store into a file? The "export the private ...
Certificate Summary: Subject: GlobalSign GCC R3 DV TLS CA 2020 Issuer: GlobalSign Expiration: 2029-0...