[openssl-users] 802.1AR certificate generation and the config file

Robert Moskowitz rgm at htt-consult.com
Fri Aug 11 18:55:01 UTC 2017

On 08/11/2017 02:47 PM, Dr. Stephen Henson wrote:
> On Fri, Aug 11, 2017, Robert Moskowitz wrote:
>> I would want the 'openssl req' command to prompt for hwType and
>> hsSerialNum.  At least for now.
> Note that you can't get the 'openssl req' command prompt for this but you can
> generate the extension in an appropriate syntax: see my other message for
> details.
> You could prompt externally and pass the values as environment variables to
> openssl req of constuct the whole config file on the fly.


Making some headway.  Figured out you cannot have an alternative [ req ] 
section in the config; no way to specify it.  Thus a completely separate 
config_8021AR to specify a different distinguishedname set of fields.  
Got that, now to get started on SAN.  Will read your previous message.


More information about the openssl-users mailing list