[openssl-users] 802.1AR certificate generation and the config file
Michael Ströder
michael at stroeder.com
Sat Aug 12 14:28:49 UTC 2017
Robert Moskowitz wrote:
> On 08/11/2017 02:47 PM, Dr. Stephen Henson wrote:
>> On Fri, Aug 11, 2017, Robert Moskowitz wrote:
>>
>>> I would want the 'openssl req' command to prompt for hwType and
>>> hsSerialNum. At least for now.
>>>
>> Note that you can't get the 'openssl req' command prompt for this but you can
>> generate the extension in an appropriate syntax: see my other message for
>> details.
>>
>> You could prompt externally and pass the values as environment variables to
>> openssl req or construct the whole config file on the fly.
>
> Sigh.
>
> Making some headway. Figured out you cannot have an alternative [ req ] section in the
> config; no way to specify it. Thus a completely separate config_8021AR to specify a
> different distinguishedname set of fields. Got that, now to get started on SAN. Will
> read your previous message.

Maybe you should look at the following CLI options for "openssl req":

 -subj arg       set or modify request subject
 [..]
 -extensions ..  specify certificate extension section (override value in config file)
 -reqexts ..     specify request extension section (override value in config file)

Ciao, Michael.
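
The two suggestions in this thread combined, as an added example that is not part of the original messages or of OpenSSL itself: values collected outside OpenSSL reach the config through `$ENV::` variables, while `-subj` and `-reqexts` select the subject and the extension section. The otherName encoding of hardwareModuleName, the file and section names, the helper function names and the sample values are assumptions of this example.

```shell
#!/bin/sh
# Added example: file names, section names and sample values are hypothetical.

# Reject anything that is not a dotted OID / even-length hex string, because
# $ENV:: values are substituted into the config text before it is parsed.
valid_oid() { printf '%s\n' "$1" | grep -Eq '^[0-2](\.[0-9]+)+$'; }
valid_hex() { printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2})+$'; }

# Write a stand-alone config; the quoted heredoc keeps ${ENV::...} literal so
# OpenSSL, not the shell, expands it when the file is loaded.
write_8021ar_conf() {
    cat > "$1" <<'EOF'
[ req ]
distinguished_name = dn
prompt             = no

[ dn ]
commonName = replaced-by-subj-option

[ devid_ext ]
# id-on-hardwareModuleName (RFC 4108) carried as a SAN otherName
subjectAltName = otherName:1.3.6.1.5.5.7.8.4;SEQ:hmodname

[ hmodname ]
hwType      = OID:${ENV::HWTYPE}
hwSerialNum = FORMAT:HEX,OCT:${ENV::HWSERIAL}
EOF
}

# make_devid_csr CONF SUBJECT HWTYPE_OID SERIAL_HEX KEY_OUT CSR_OUT
make_devid_csr() {
    valid_oid "$3" || { echo "bad hwType OID: $3" >&2; return 2; }
    valid_hex "$4" || { echo "bad hwSerialNum hex: $4" >&2; return 2; }
    ( umask 077   # the unencrypted private key must not be world-readable
      HWTYPE=$3 HWSERIAL=$4 openssl req -new -newkey rsa:2048 -nodes \
          -config "$1" -subj "$2" -reqexts devid_ext \
          -keyout "$5" -out "$6" )
}

# Usage (constructed values; 1.3.6.1.4.1.99999.1 is a placeholder hwType):
#   write_8021ar_conf ./8021ar.cnf
#   printf 'hwType OID: ';        read -r oid
#   printf 'hwSerialNum (hex): '; read -r serial
#   make_devid_csr ./8021ar.cnf "/O=Example/serialNumber=$serial" \
#       "$oid" "$serial" devid.key devid.csr
```

OpenSSL refuses to load the config if HWTYPE or HWSERIAL is unset, so a forgotten value stops the request instead of producing a CSR with an empty extension.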