|
|
@@ -2723,6 +2723,49 @@ postalCode = 2.5.4.17 |
|
|
|
streetAddress = 2.5.4.9 |
|
|
|
``` |
|
|
|
|
|
|
|
Full example: |
|
|
|
|
|
|
|
```bash |
|
|
|
( _fd="private.key" ; _fd_csr="request.csr" ; \ |
|
|
|
openssl req -new -sha256 -key ${_fd} -out ${_fd_csr} \ |
|
|
|
-config <( |
|
|
|
cat << __EOF__ |
|
|
|
[req] |
|
|
|
default_bits = 2048 |
|
|
|
default_md = sha256 |
|
|
|
prompt = no |
|
|
|
distinguished_name = dn |
|
|
|
req_extensions = req_ext |
|
|
|
oid_section = new_oids |
|
|
|
|
|
|
|
[ new_oids ] |
|
|
|
serialNumber = 2.5.4.5 |
|
|
|
streetAddress = 2.5.4.9 |
|
|
|
postalCode = 2.5.4.17 |
|
|
|
businessCategory = 2.5.4.15 |
|
|
|
|
|
|
|
[ dn ] |
|
|
|
serialNumber=00001111 |
|
|
|
businessCategory=Private Organization |
|
|
|
jurisdictionC=DE |
|
|
|
C=DE |
|
|
|
ST=Hessen |
|
|
|
L=Keller |
|
|
|
postalCode=424242 |
|
|
|
streetAddress=Crater 1621 |
|
|
|
O=AV Company |
|
|
|
OU=IT |
|
|
|
CN=example.com |
|
|
|
|
|
|
|
[ req_ext ] |
|
|
|
subjectAltName = @alt_names |
|
|
|
|
|
|
|
[ alt_names ] |
|
|
|
DNS.1 = example.com |
|
|
|
__EOF__ |
|
|
|
)) |
|
|
|
``` |
|
|
|
|
|
|
|
For more information please look at these great explanations: |
|
|
|
|
|
|
|
- [RFC 5280](https://tools.ietf.org/html/rfc5280) |
|
|
@@ -2730,6 +2773,8 @@ For more information please look at these great explanations: |
|
|
|
- [Generate a multi domains certificate using config files](https://gist.github.com/romainnorberg/464758a6620228b977212a3cf20c3e08) |
|
|
|
- [Your OpenSSL CSR command is out of date](https://expeditedsecurity.com/blog/openssl-csr-command/) |
|
|
|
- [OpenSSL example configuration file](https://www.tbs-certificats.com/openssl-dem-server-cert.cnf) |
|
|
|
- [Object Identifiers (OIDs)](https://www.alvestrand.no/objectid/) |
|
|
|
- [openssl objects.txt](https://github.com/openssl/openssl/blob/master/crypto/objects/objects.txt) |
|
|
|
|
|
|
|
###### List available EC curves |
|
|
|
|
|
|
|