Collections:
Other Resources:
OpenSSL "ca" - Sign the CSR Again
How to sign the a CSR again the OpenSSL "ca" command? It was signed for 1 year the first time. But the requester wants the certificate to valid for 3 years.
✍: FYIcenter.com
If you sign a CSR incorrectly and want to sign it again with the OpenSSL "ca" command, you need to revoke the certificate, then sign it again correctly.
The following test shows you how to sign a CSR again after revoke the certificate from the first signing:
C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe OpenSSL> ca -in test.csr -keyfile my_ca.key -cert my_ca.crt -out test.crt -policy policy_anything Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg Enter pass phrase for my_ca.key:fyicenter Check that the request matches the signature Signature ok Certificate Details: Serial Number: 4098 (0x1002) ... Certificate is to be certified until Jul 31 23:40:49 2017 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated OpenSSL> ca -revoke test.crt -keyfile my_ca.key -cert my_ca.crt Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg Enter pass phrase for my_ca.key:fyicenter Revoking Certificate 1002. Data Base Updated OpenSSL> ca -in test.csr -keyfile my_ca.key -cert my_ca.crt -out test.crt -policy policy_anything -days 730 Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg Enter pass phrase for my_ca.key:fyicenter Check that the request matches the signature Signature ok Certificate Details: Serial Number: 4099 (0x1003) ... Certificate is to be certified until Jul 31 23:45:22 2018 GMT (730 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated OpenSSL> exit C:\Users\fyicenter>type demoCA\index.txt ... R 170901014049Z 160901014346Z 1002 unknown /C=US/ST=NY/L=NY /O=FYIcenter.com/CN=www.fyicenter.com/emailAddress=joe@fyicenter.com V 180901014522Z 1003 unknown /C=US/ST=NY/L=NY /O=FYIcenter.com/CN=www.fyicenter.com/emailAddress=joe@fyicenter.com
⇒ OpenSSL "ca" - "error while loading CRL number"
2016-09-10, 2567🔥, 0💬
Popular Posts:
After signing for the Root and Intermediate CA. when i try to sign a server_cert the following error...
Certificate Summary: Subject: Entrust Root Certification Authority Issuer: Entrust Root Certificatio...
How to generate a new RSA key pair and encrypt the output with a DES password using OpenSSL "genrsa"...
Certificate summary - Owner: www.taringa.net, Domain Validated, Thawte SSL123 certificate, Go to htt...
How to get a list of extended options supported by the "makecert.exe" command? I want to know more o...