Hello, Yes, you are right. I can do it using the 'ca' command. Thanks for the hint.
Gerald On Tue, Aug 18, 2009 at 11:48 AM, Serge Fonville <serge.fonvi...@gmail.com>wrote: > Why don't you use the ca command? > > > On Tue, Aug 18, 2009 at 9:38 AM, Gerald Iakobinyi-Pich <nutri...@gmail.com > > wrote: > >> Hello, >> >> So I have played arround a little bit more yesterday, but with the same >> result. >> Attached are the the openssl.cnf I am using. The problem is the same, I do >> not know how to override the subject information from the config file >> (specified in the "req_distinguished_name" section), from the command line. >> >> And this is what I execute from the cmd line: >> >> openssl genrsa -des3 -out ..\demo_store\private\private_key_client.pem >> -passout pass:pass 1024 >> >> openssl req -config .\openssl.cnf -subj >> "/C=DE/L=Munchen/ST=Bayern/O=Org/OU=Dev/CN=Test Certificate" -new -days 365 >> -key ..\demo_store\private\private_key_client.pem -outform PEM -out >> ..\demo_store\request\req_server.csr -passin pass:pass >> >> openssl x509 -inform PEM -req -in ..\demo_store\request\req_server.csr >> -outform DER -out ..\demo_store\certs\cert_server.der -CAform DER -CA >> ..\demo_store\certs\ca_cert.der -CAkeyform PEM -CAkey >> ..\demo_store\private\ca_private_key.pem -CAcreateserial >> >> >> Regards, >> Gerald >> >> >> On Mon, Aug 17, 2009 at 7:20 PM, Serge Fonville <serge.fonvi...@gmail.com >> > wrote: >> >>> What does your openssl.cnf look like, since it is used in the req? >>> >>> >>> On Mon, Aug 17, 2009 at 6:00 PM, Gerald Iakobinyi-Pich < >>> nutri...@gmail.com> wrote: >>> >>>> Hy, >>>> >>>> So my end goal is to have a CA, which I can use to sign certificates. I >>>> have set up a CA, that was not that hard. But now I want to create >>>> certificates signed by my CA, and I want to provide the subject from the >>>> command line. I don't want it to be read from the openssl.cnf. That is >>>> because I have to create more certificates, and I do not want to modify the >>>> opennssl.cnf, for each of them. >>>> >>>> I have tried to create certificates, signed by my CA, and the subject >>>> information was provided in the openssl.cnf file. That I have succeeded. >>>> >>>> Then I have tried to provide the subject information from the command >>>> line, and that I have failed. And I have verified the contents of the >>>> certificate, and the subject was not what I have specified in the command >>>> line, but what was found in the config file. >>>> >>>> So it looks to me like if this option: -subj >>>> "/C=DE/L=Munchen/ST=Bayern/O=Org/OU=Dev/CN=Test Certificate" is ignored, >>>> and >>>> like openssl tries to read this info from the config file, and I do not >>>> understand why :(. >>>> >>>> >>>> Regards, >>>> Gerald >>>> >>>> >>>> >>>> On Mon, Aug 17, 2009 at 6:31 PM, Serge Fonville < >>>> serge.fonvi...@gmail.com> wrote: >>>> >>>>> Hi, >>>>> >>>>> I assume you have done a lot of googling and have read the docs >>>>> extensively. >>>>> >>>>> First, what is your end goal? >>>>> Since creating a certificate and having it signed by your own CA is not >>>>> that difficult. >>>>> What resources have you consulted. >>>>> What have you already tried. >>>>> Have you looked at the resulting certificate to verify its contents >>>>> >>>>> Regards, >>>>> >>>>> Serge Fonville >>>>> >>>>> On Mon, Aug 17, 2009 at 4:41 PM, Gerald Iakobinyi-Pich < >>>>> nutri...@gmail.com> wrote: >>>>> >>>>>> Hello, >>>>>> >>>>>> I am trying to create a certificate, on win, and I am having some >>>>>> troubles with OpenSSL. First I generate a key. That's ok. Then I create a >>>>>> request: >>>>>> >>>>>> openssl req -config .\openssl.cnf -subj >>>>>> "/C=DE/L=Munchen/ST=Bayern/O=Org/OU=Dev/CN=Test Certificate" -new -days >>>>>> 365 >>>>>> -key ..\demo_store\private\private_key_client.pem -outform PEM -out >>>>>> ..\demo_store\request\req_server.csr -passin pass:pass >>>>>> >>>>>> Then I want to sign this: >>>>>> openssl x509 -inform PEM -req -in ..\demo_store\request\req_server.csr >>>>>> -outform DER -out ..\demo_store\certs\cert_server.der -CAform DER -CA >>>>>> ..\demo_store\certs\ca_cert.der -CAkeyform PEM -CAkey >>>>>> ..\demo_store\private\ca_private_key.pem -CAcreateserial >>>>>> >>>>>> And the message printed out is: >>>>>> Loading 'screen' into random state - done >>>>>> Signature ok >>>>>> subject=/C=RO >>>>>> Getting CA Private Key >>>>>> >>>>>> >>>>>> Now, what disturbs me, is that it seems that the subject I have >>>>>> provided with "-subj" in the first "openssl req" command has been >>>>>> ignored. >>>>>> Why is that happening? What am I doing wrong? >>>>>> >>>>>> Thanks, >>>>>> Gerald >>>>>> >>>>>> >>>>>> >>>>> >>>> >>> >> >
