Generate certificate with very few information using OpenSSL

Question

I would like to generate a certificate with only a few information to get a very small certificate, maybe just the Version, Serial Number, Issuer, Validaty, Public Key and the signature.

I am asking this because the certificate I have just generated using openssl has about 900Bytes which is too much for the purposes I want.

I want a certificate to use with ecdsa 256 with nistp256.

Answer 1

Why do not you consider some good compression algorithm to reduce the size?

Or you can reduce the key size to reduce the overall size. As far as I know, you can generate minimal certificate with some basic information (Version, Serial Number, Issuer, Subject, Validity, public key and signature are required). You can omit the extensions and keep these fields too small.

To reduce the size, you can reduce the size of these information. However, version (as governed by standard), serial number, issuer (governed by issuer authority) and validity are not in your control. Signature is also depends on signer's public key which may not be in your control (unless you are signing yourself or using self-signed certificate) as it depends on size of the signing private key and hashing algorithm.

Only things in your control are subject (you may on your choice can keep it very small) and public key (you can choose size and algorithm but that may compromise the security or issuer may not allow).

Over and above, you can use some compression if that can reduce the size of certificate significantly.