Madhavan

Reputation: 230

Create Self Signed Certificate with Subject Key Identifier

I want to create a self-signed certificate with the RSA algorithm, key size 2048, with a subject key identifier. I know we made some default change in openssl.conf. What am I supposed to change?

genrsa -des3 -out mcedt.key 2048
req -new -key mcedt.key -out mcedt.csr
CN = server.test , OU =, O =, L = Toronto, S = ontario , C = can
x509 -req -days 365 -in mcedt.csr -signkey mcedt.key -out mcedt.crt
pkcs12 -export -in mcedt.crt -inkey mcedt.key -out mcedt.pfx

Upvotes: 2

Views: 19719

Answers (1)

Camille G.

Reputation: 3246

You could create an extension file (extensions.cnf) with the following information:

subjectKeyIdentifier=hash

as mentioned by OpenSSL:

This is really a string extension and can take two possible values. Either the word hash which will automatically follow the guidelines in RFC3280 or a hex string giving the extension value to include. The use of the hex string is strongly discouraged.

Then you should change

x509 -req -days 365 -in mcedt.csr -signkey mcedt.key -out mcedt.crt

into

x509 -req -days 365 -extfile extensions.cnf -in mcedt.csr -signkey mcedt.key -out mcedt.crt

Upvotes: 8
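The answer's steps as a non-interactive script that also confirms the result, added here as an example and not part of the original answer. It assumes an unencrypted key (no `-des3`) and a `-subj` string with the two-letter country code `CA` so nothing prompts; the function names are hypothetical. The check recomputes SHA-1 over the DER-encoded RSA public key, which is the value `hash` derives, and compares it with the extension stored in the certificate.

```shell
#!/bin/sh
# Added example (not from the original post). Constructed inputs: an
# unencrypted key (no -des3) and a -subj string so nothing prompts.

# Build key, CSR and self-signed certificate in directory $1.
make_cert() {
    d=$1
    printf 'subjectKeyIdentifier=hash\n' > "$d/extensions.cnf"
    openssl genrsa -out "$d/mcedt.key" 2048 2>/dev/null &&
    openssl req -new -key "$d/mcedt.key" -out "$d/mcedt.csr" \
        -subj '/C=CA/ST=Ontario/L=Toronto/CN=server.test' &&
    openssl x509 -req -days 365 -extfile "$d/extensions.cnf" \
        -in "$d/mcedt.csr" -signkey "$d/mcedt.key" \
        -out "$d/mcedt.crt" 2>/dev/null
}

# Print the SKI stored in certificate $1 as lowercase hex, empty if absent.
cert_ski() {
    openssl x509 -in "$1" -noout -text |
        awk '/Subject Key Identifier/ { getline; gsub(/[ :]/, ""); print tolower($0); exit }'
}

# Print SHA-1 over the DER RSAPublicKey of key $1: the value "hash" should give.
expected_ski() {
    openssl rsa -in "$1" -RSAPublicKey_out -outform DER 2>/dev/null |
        openssl dgst -sha1 -r | awk '{ print $1 }'
}

# Succeed only if the certificate in $1 carries the SKI derived from its key.
check_ski() {
    got=$(cert_ski "$1/mcedt.crt")
    want=$(expected_ski "$1/mcedt.key")
    [ -n "$got" ] && [ "$got" = "$want" ]
}

demo_dir=$(mktemp -d)
if make_cert "$demo_dir" && check_ski "$demo_dir"; then
    echo "SKI present: $(cert_ski "$demo_dir/mcedt.crt")"
else
    echo "SKI missing or mismatched" >&2
fi
rm -rf "$demo_dir"
```

An empty result from `cert_ski` means the extension file was not applied, which is the case to look for before exporting the certificate to a `.pfx`.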
