antisaWiki

User Tools

Site Tools

Trace:
wiki:creating_ca_and_signing_server_and_client_certs_with_openssl

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
wiki:creating_ca_and_signing_server_and_client_certs_with_openssl [2022/10/25 13:51] – Add more info and openssl commands and configs antisawiki:creating_ca_and_signing_server_and_client_certs_with_openssl [2023/03/21 15:07] – [References] add references antisa
Line 173: Line 173:
  
 </code> </code>
 +Above configuration will prompt you for commonName, organizationName etc. If you want to avoid prompting use below configuration:
 +
 +<code>
 +[ req ]
 +default_bits           = 2048
 +default_keyfile        = keyfile.pem
 +distinguished_name     = req_distinguished_name
 +attributes             = req_attributes
 +prompt                 = no
 +output_password        = mypass
 +
 +[ req_distinguished_name ]
 +C                      = GB
 +ST                     = Test State or Province
 +L                      = Test Locality
 +O                      = Organization Name
 +OU                     = Organizational Unit Name
 +CN                     = Common Name
 +emailAddress           = test@email.address
 +
 +[ req_attributes ]
 +
 +</code>
 +Note that the **prompt=no**, different attribute names in **req_distinguished_name** and empty **req_attributes** part.
 +<WRAP center round info 60%>
 +You cannot define *_min, *_max and *_default when prompt is set to no.
 +</WRAP>
 +
 +<WRAP center round info 60%>
 +Defining Organization Name, Locality etc. will not work with Letsencrypt. O and OU are only used for organization validation certificates. Let’s Encrypt only offers domain validation and can’t make any assertion as to the person or company that owns/manages the domain.
 +</WRAP>
 +
  
 Then after generating the key Then after generating the key
Line 186: Line 218:
 ====== References ====== ====== References ======
   * http://theheat.dk/blog/?p=1023   * http://theheat.dk/blog/?p=1023
 +  * [[https://community.letsencrypt.org/t/organization-o-and-organizational-unit-ou-in-field-issued-to/5236|Letsencrypt does not support O, OU etc. fields in certificates]]
 +  * https://github.com/openssl/openssl/issues/11287#issuecomment-811483183
 +  * https://www.openssl.org/docs/man1.1.1/man1/req.html
 +  * https://groups.google.com/g/mailing.openssl.users/c/kdCLWzJ5w1I
  
wiki/creating_ca_and_signing_server_and_client_certs_with_openssl.txt · Last modified: 2024/04/09 14:08 by antisa
Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki