Creating an x509 v3 user certificate by signing CSR

openssl certificate x509 csr code-signing-certificate
49,666

Solution 1

You need to specify an extensions file.

For example:

openssl x509 -days 365 -in myCSR.csr -extfile v3.ext -CA myCA.crt -CAkey myCA.key -CAcreateserial -out userCertificate.crt

The extensions file (v3.ext) can look like this:

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment

Solution 2

The answer of gtrig works if you have -req as well. It didn't work without that for me.

So the command is:

openssl x509 -req -in myCSR.csr -extfile v3.ext -CA myCA.crt -CAkey myCA.key -CAcreateserial -out userCertificate.crt  -days 365

(had to give as a new answer as I don't have enough rep. to comment).

Share:
49,666
Hex-Omega
Author by

Hex-Omega

Updated on January 30, 2021

Comments

  • Hex-Omega
    Hex-Omega over 3 years

    I know how to sign a CSR using openssl, but the result certificate is an x509 v1, and not v3.

    I'm using the following commands:

    x509 -req -days 365 -in myCSR.csr -CA myCA.crt -CAkey myCA.key -CAcreateserial -out userCertificate.crt

    I've searched but have not been able to find a solution. Is there another way to do this programmatically?

  • Aleksandar
    Aleksandar almost 6 years
    This might be a good place to say that You can specify the SAN (Subject Alternative Names) in the extension file by adding a line: subjectAltName=DNS:hostname, IP:192.168.7.1. You can leave out the DNS or IP part, but don't forget to remove the comma then. More info here.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Windows 2008R2 CA & OpenSSL CSR: Error parsing CSR ASN1 bad value met
How to create a single line x509 certificate that can be parsed by OpenSSL commandline tool
How to use OpenSSL for self-signed certificates with custom CA and proper SAN settings?
Incorrect Authority Key Identifier on openssl end cert
Convert text certificate to crt file
openssl generate .key from CSR
openssl certificate chain lost when converting from pem to der
OPENSSL Save x509 certificate of a website
OpenSSL x509 Purpose flag "Any Purpose" What is this?
Generate CSR including certificate template information with OpenSSL