9/4/2023 0 Comments Openssl commands![]() ![]() <(printf "\n\nsubjectAltName=DNS:,DNS:\Īll one line: openssl req -new -sha256 -key domain.key -subj "/C=US/ST=CA/O=Acme, Inc./CN=" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "\nsubjectAltName=DNS:,DNS:-out domain.csrĮxample use: openssl req -new -sha256 -key domain.key -subj "/C=US/ST=CA/O=Acme, Inc./CN=" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "\n\nsubjectAltName=DNS:,DNS:-out openssl req -in domain.csr -text -noout This has been merged into the master branch of the openssl command on Github, and as of Apcan be installed via a git pull + compile (or via Homebrew if on OS X: brew install -devel that if you have set the config attribute "req_extensions" at section "" in openssl.cfg, it will ignore the command-line parameterīased on link from DarkLighting, here's the command I came up with using nested subshells. ![]() extension 'certificatePolicies = 1.2.3.4' Openssl req -new -extension 'subjectAltName = DNS:dom.ain, DNS:oth.er' \ The idea is to be able to add extension value lines directly on theĬommand line instead of through the config file, for example: The commit message itself is also helpful to understand what's happening: Add 'openssl req' option to specify extension values on command line newkey rsa:2048 -keyout key.pem -out req.pem addext "certificatePolicies = 1.2.3.4" \ addext "subjectAltName = DNS:foo.co.uk" \ The commit adds an example to the openssl req man page: Example of giving the most common attributes (subject and extensions) As of OpenSSL 1.1.1, providing subjectAltName directly on command line becomes much easier, with the introduction of the -addext flag to openssl req (via this commit).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |