What does your openssl.cnf look like, since it is used in the req? On Mon, Aug 17, 2009 at 6:00 PM, Gerald Iakobinyi-Pich <nutri...@gmail.com>wrote:
> Hy, > > So my end goal is to have a CA, which I can use to sign certificates. I > have set up a CA, that was not that hard. But now I want to create > certificates signed by my CA, and I want to provide the subject from the > command line. I don't want it to be read from the openssl.cnf. That is > because I have to create more certificates, and I do not want to modify the > opennssl.cnf, for each of them. > > I have tried to create certificates, signed by my CA, and the subject > information was provided in the openssl.cnf file. That I have succeeded. > > Then I have tried to provide the subject information from the command line, > and that I have failed. And I have verified the contents of the certificate, > and the subject was not what I have specified in the command line, but what > was found in the config file. > > So it looks to me like if this option: -subj > "/C=DE/L=Munchen/ST=Bayern/O=Org/OU=Dev/CN=Test Certificate" is ignored, and > like openssl tries to read this info from the config file, and I do not > understand why :(. > > > Regards, > Gerald > > > > On Mon, Aug 17, 2009 at 6:31 PM, Serge Fonville > <serge.fonvi...@gmail.com>wrote: > >> Hi, >> >> I assume you have done a lot of googling and have read the docs >> extensively. >> >> First, what is your end goal? >> Since creating a certificate and having it signed by your own CA is not >> that difficult. >> What resources have you consulted. >> What have you already tried. >> Have you looked at the resulting certificate to verify its contents >> >> Regards, >> >> Serge Fonville >> >> On Mon, Aug 17, 2009 at 4:41 PM, Gerald Iakobinyi-Pich < >> nutri...@gmail.com> wrote: >> >>> Hello, >>> >>> I am trying to create a certificate, on win, and I am having some >>> troubles with OpenSSL. First I generate a key. That's ok. Then I create a >>> request: >>> >>> openssl req -config .\openssl.cnf -subj >>> "/C=DE/L=Munchen/ST=Bayern/O=Org/OU=Dev/CN=Test Certificate" -new -days 365 >>> -key ..\demo_store\private\private_key_client.pem -outform PEM -out >>> ..\demo_store\request\req_server.csr -passin pass:pass >>> >>> Then I want to sign this: >>> openssl x509 -inform PEM -req -in ..\demo_store\request\req_server.csr >>> -outform DER -out ..\demo_store\certs\cert_server.der -CAform DER -CA >>> ..\demo_store\certs\ca_cert.der -CAkeyform PEM -CAkey >>> ..\demo_store\private\ca_private_key.pem -CAcreateserial >>> >>> And the message printed out is: >>> Loading 'screen' into random state - done >>> Signature ok >>> subject=/C=RO >>> Getting CA Private Key >>> >>> >>> Now, what disturbs me, is that it seems that the subject I have provided >>> with "-subj" in the first "openssl req" command has been ignored. >>> Why is that happening? What am I doing wrong? >>> >>> Thanks, >>> Gerald >>> >>> >>> >> >
