Re: Custom certificate

kummers Mon, 13 Sep 2010 00:56:00 -0700

Hi


Please how can i edit a CSR?

Regards,



Emmanuel Guiton wrote:
> 
> Hello,
> 
> Thank you, it works like a charm.
> Just have to solve the date problem, now.
> 
>  - Emmanuel
> 
> 
> Marek Marcola wrote:
>> Hello,
>> 
>> 
>>>In the issuer and subject fields, I must include a dnQualifier       which is
>>>a thumbprint of the corresponding public key, that is to say  a SHA-1
>>>hash of the contents of the SubjectPublicKey BIT STRING in the
>>>SubjectPublicKeyInfo field (excluding the DER tag, length, and number of
>>>unused bits count in the DER header for the BIT STRING).
>>>How can I do that?
>> 
>> It is not very complicated.
>> Suppose you have Certificate Signing Request file (say req.pem).
>> You should first extract public key to some file:
>>      $ openssl req -in req.pem -pubkey -noout > req_pub_key.pem
>> Next from this pub key you should extract ASN.1 SEQUENCE of INTEGER n
>> and INTEGER e.
>> To display:
>>      $ openssl asn1parse -in req_pub_key.pem
>>          0:d=0  hl=3 l= 159 cons: SEQUENCE
>>          3:d=1  hl=2 l=  13 cons: SEQUENCE
>>          5:d=2  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>>         16:d=2  hl=2 l=   0 prim: NULL
>>         18:d=1  hl=3 l= 141 prim: BIT STRING
>>      $ openssl asn1parse -in req_pub_key.pem -strparse 18
>>          0:d=0  hl=3 l= 137 cons: SEQUENCE
>>          3:d=1  hl=3 l= 129 prim: INTEGER :E3295A7F558C3D78D3 ...
>>        135:d=1  hl=2 l=   3 prim: INTEGER :010001
>> and to save in DER format:
>>      $ openssl asn1parse -in req_pub_key.pem -strparse 18 -noout \
>>              -out pub_key.der
>>      $ openssl asn1parse -in pub_key.der -inform DER
>>          0:d=0  hl=3 l= 137 cons: SEQUENCE
>>          3:d=1  hl=3 l= 129 prim: INTEGER :E3295A7F558C3D78D3 ...
>>        135:d=1  hl=2 l=   3 prim: INTEGER :010001
>> and you should make digest of this file:
>>      $ cat pub_key.der | openssl dgst -sha1
>>      f8aa13223180643bf899eaa6faac94c2aa7bdd73
>> 
>> Best regards,
> 
> -- 
> 165, avenue Aristide Briand
> 94230 Cachan
> Tel/fax: 01 46 63 29 28
> E-mail:  emmanuel.gui...@neuf.fr
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
> 
> 

-- 
View this message in context: 
http://old.nabble.com/Custom-certificate-tp4593172p29673140.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Re: Custom certificate

Reply via email to