OpenSSL "req -new" - DN Fields for Personal Certificates

Q

How to use additional DN fields to create CSR for personal certificates?

✍: FYIcenter.com

A

You can set additional DN fields in the configuration file to allow OpenSSL "req -new" command to generate CSR for personal certificates. Additional DN fields are: emailAddress, name, surname, givenName, initials and dnQualifier.

The test below shows you how to use additional DN fields for personal certificates:

C:\Users\fyicenter>type test.cnf
# unnamed section of generic options
default_md = md5

# default section for "req" command options
[req]
input_password     = fyicenter
prompt             = yes
distinguished_name = my_req_dn_prompt

[my_req_dn_prompt]

# Addtional DN fields
emailAddress         = Email
emailAddress_default = john@it

givenName         = First Name
givenName_default = John

surname         = Last Name
surname_default = Smith

initials         = Initials
initials_default = JS

name         = Full Name
name_default = John Smith

dnQualifier         = DN Qualifier
dnQualifier_default = fyicenter.com

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> req -new -key rsa_test.key -out test.csr -config test.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Email [john@it]:
First Name [John]:
Last Name [Smith]:
Initials [JS]:
Full Name [John Smith]:
DN Qualifier [fyicenter.com]:

OpenSSL> req -in test.csr -subject -noout
subject=/emailAddress=john@it/GN=John/SN=Smith/initials=JS/name=John Smith
        /dnQualifier=fyicenter.com

As you can see from the output, the resulting subject identifies well John Smith from the IT department at FYIcenter.com. This is good enough for a personal certificate.

⇒ OpenSSL "req" - X509 V3 Extensions Configuration Options

⇐ OpenSSL "req -new" - Repeating DN Fields

⇑ OpenSSL "req" Command

⇑⇑ OpenSSL Tutorials

2016-10-27, ∼7922🔥, 0💬

OpenSSL "req -new -reqexts" - Specify CSR V3 Extensions
How to specify x.509 v3 extensions options in the configuration file for generating CSR using the OpenSSL "req" command? You can use x.509 v3 extensions options when using OpenSSL "req -new" command to generate a CSR (Certificate Signing Request). The provided x509 extensions will be included in the... 2016-10-25, ≈14🔥, 0💬

OpenSSL "req" - X509 V3 Extensions Configuration Options
What are X509 V3 extensions options in the configuration file for the OpenSSL "req" command? X509 V3 extensions options in the configuration file allows you to add extension properties into x.509 v3 certificate when you use OpenSSL commands to generate CSR and self-signed certificates. X509 V3 exten... 2016-10-26, ≈13🔥, 0💬

OpenSSL "req -x509 -extensions" - Specify Self-Signed Certificate V3 Extensions
How to specify x.509 v5 extensions options in the configuration file for generating self-signed certificate using the OpenSSL "req -x509" command? You can use x.509 v3 extensions options when using OpenSSL "req -x509" command to generate a self-signed certificate. The provided x509 extensions will b... 2016-10-25, ∼8339🔥, 0💬

OpenSSL "req -new" - DN Fields for Personal Certificates
How to use additional DN fields to create CSR for personal certificates? You can set additional DN fields in the configuration file to allow OpenSSL "req -new" command to generate CSR for personal certificates. Additional DN fields are: emailAddress, name, surname, givenName, initials and dnQualifie... 2016-10-27, ∼7923🔥, 0💬

OpenSSL "req" - "prompt=yes" Mode with DN Defaults
How to specify DN value defaults when using the "prompt=yes" mode of the OpenSSL "req -new" command? If you are using "prompt=yes" mode, you can also set DN (Distinguished Name) default values in the configuration file. OpenSSL will prompt the user for DN fields with default values. The user can pre... 2016-10-29, ∼6071🔥, 0💬

OpenSSL "req new -batch" - Using DN Default Values Only
How to run OpenSSL "req -new" command in batch mode? I don't OpenSSL to use DN default values only and do not prompt me. If you have DN (Distinguished Name) default values provided in the configuration file, you can run OpenSSl "req -new -batch" command to take default values only without prompt as ... 2016-10-29, ∼5385🔥, 0💬

OpenSSL "req -new" - Repeating DN Fields
Can I repeat a DN field multiple times in the configuration file for the OpenSSL "req -new" command? Yes, you can repeat a DN (Distinguished Name) field multiple times in the configuration file. This can be done by prefix the DN field name with "0.", "1.", and so on. For example. "0.emailAddress=Ema... 2016-10-27, ∼4269🔥, 0💬

OpenSSL "req -new -reqexts" - Test CSR V3 Extensions
How to run OpenSSL "req -new" command to generate CSR with x.509 v3 extensions? I have req_extensions option defined in the configuration file. If you want to run OpenSSL "req -new" command to generate CSR with x.509 v3 extensions, you can follow this example: C:\Users\fyicenter>type test.cnf... 2016-10-25, ∼3911🔥, 0💬

OpenSSL "req -x509 -extensions" - Test Self-Signed Certificate V3 Extensions
How to run OpenSSL "req -509" command to generate self-signed certificate with x.509 v3 extensions? I have x509_extensions option defined in the configuration file. If you want to run OpenSSL "req -509" command to generate self-signed certificate with x.509 v3 extensions, you can follow this example... 2016-09-23, ∼3550🔥, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.