Cloning a CSR or Cert. for a new CSR with a new key?
Dirk-Willem van Gulik
dirkx at webweaving.org
Fri Jan 31 09:39:53 UTC 2020
On 31 Jan 2020, at 01:25, Douglas Morris <dougbmorris at yahoo.com <mailto:dougbmorris at yahoo.com>> wrote:
> Interesting. I think I misunderstood this explanation about the -signkey <file> option: "This option causes the input file to be self signed using the supplied private key."
>
> Your input has me thinking that a certificate signing request is in fact self-signed like a self-signed certificate is self-signed. I think I mistakenly supposed any self-signing meant acting like a "mini CA". I shall give those two x509 options, '-x509toreq' and '-signkey', a try.
Correct - a CSR is generally signed by the party submitting it - thus proving that he or she has access to their own private key.
Dw.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200131/bfbc5a25/attachment.html>
More information about the openssl-users
mailing list