Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (83)
EC Keys (2483)
Firefox (39)
General (10)
Google Chrome (49)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (6653)
Revoked Certificates (16)
Root CA (85)
RSA Keys (5357)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
OpenSSL "req -new" - DN Fields for Personal Certificates
How to use additional DN fields to create CSR for personal certificates?
✍: FYIcenter.com
You can set additional DN fields in the configuration file to allow OpenSSL "req -new" command to generate CSR for personal certificates. Additional DN fields are: emailAddress, name, surname, givenName, initials and dnQualifier.
The test below shows you how to use additional DN fields for personal certificates:
C:\Users\fyicenter>type test.cnf # unnamed section of generic options default_md = md5 # default section for "req" command options [req] input_password = fyicenter prompt = yes distinguished_name = my_req_dn_prompt [my_req_dn_prompt] # Addtional DN fields emailAddress = Email emailAddress_default = john@it givenName = First Name givenName_default = John surname = Last Name surname_default = Smith initials = Initials initials_default = JS name = Full Name name_default = John Smith dnQualifier = DN Qualifier dnQualifier_default = fyicenter.com C:\Users\fyicenter>\local\openssl\openssl.exe OpenSSL> req -new -key rsa_test.key -out test.csr -config test.cnf You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Email [john@it]: First Name [John]: Last Name [Smith]: Initials [JS]: Full Name [John Smith]: DN Qualifier [fyicenter.com]: OpenSSL> req -in test.csr -subject -noout subject=/emailAddress=john@it/GN=John/SN=Smith/initials=JS/name=John Smith /dnQualifier=fyicenter.com
As you can see from the output, the resulting subject identifies well John Smith from the IT department at FYIcenter.com. This is good enough for a personal certificate.
⇒ OpenSSL "req" - X509 V3 Extensions Configuration Options
2016-10-27, 6361🔥, 0💬
Popular Posts:
Certificate summary - Owner: *.hootsuite.com, Domain Control Validated Issuer: SERIALNUMBER=07969287...
How to see the list of trusted root Certification Authorities (CA) and their certificates used by Go...
Certificate summary - Owner: NAI SSL CA v1, NAI Certificate Services, Network Associates Issuer: EMA...
Certificate Summary: Subject: accounts.google.com Issuer: Google Internet Authority G2 Expiration: 2...
It is not always possible for users to enroll for a certificate on their own behalf. This can be the...