Ryfujk

Is there a working SACD iso player for Ubuntu?

What should you do if you miss a job interview (deliberately)?

Creepy dinosaur pc game identification

Not using 's' for he/she/it

Offered money to buy a house, seller is asking for more to cover gap between their listing and mortgage owed

Drawing ramified coverings with tikz

Strong empirical falsification of quantum mechanics based on vacuum energy density

Freedom of speech and where it applies

Store Credit Card Information in Password Manager?

Closed-form expression for certain product

Non-trope happy ending?

How do I color the graph in datavisualization?

What should you do when eye contact makes your subordinate uncomfortable?

Removing files under particular conditions (number of files, file age)

What was this official D&D 3.5e Lovecraft-flavored rulebook?

In Qur'an 7:161, why is "say the word of humility" translated in various ways?

Should I stop contributing to retirement accounts?

What is the evidence for the "tyranny of the majority problem" in a direct democracy context?

Is this toilet slogan correct usage of the English language?

Problem with TransformedDistribution

When a Cleric spontaneously casts a Cure Light Wounds spell, will a Pearl of Power recover the original spell or Cure Light Wounds?

Yosemite Fire Rings - What to Expect?

Argument list too long when zipping large list of certain files in a folder

Does an advisor owe his/her student anything? Will an advisor keep a PhD student only out of pity?

Generate a certificate signing request based on an existing certificate with x509v3 extensions

Dovecot and StartSSL problems with issuerSSL Error - unable to read server certificate from filepipe Certificate Signing Request into opennsl x509 commandSSL Library Error: X509_check_private_key:key values mismatchOpenvpn signing certificates with wrong CAHow to create ssl certificate for multiple domains which requires the CA root key in LinuxCan Subject Alternative Name(SAN) Certificate install on different Web Server or OS?Self-signed cert with Subject Alternative NamesSSL client certificationGenerate SSL certificate files from text file

0

With openssl I am trying to generate a CSR using an existing cert that contains X509v3 extensions, in particular SAN. I am able to create the new CSR by running

openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key

However, when I run

openssl req -text -noout -verify -in CSR.csr

I don't see any of the X509v3 extensions that are included in the certificate. Is this possible?

ssl tls

share|improve this question

asked May 9 '16 at 19:00

Mike AsselMike Assel

1

bumped to the homepage by Community♦ 6 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Using OpenSSL, you would add the desired X509v3 extensions, including SANs, when the CSR is signed by a CA into a certificate; the extensions to appear in the certificate do not come from the CSR itself.
  
  – Castaglia
  May 12 '16 at 18:16
  

  
  
  
  

add a comment | 

0

With openssl I am trying to generate a CSR using an existing cert that contains X509v3 extensions, in particular SAN. I am able to create the new CSR by running

openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key

However, when I run

openssl req -text -noout -verify -in CSR.csr

I don't see any of the X509v3 extensions that are included in the certificate. Is this possible?

ssl tls

share|improve this question

asked May 9 '16 at 19:00

Mike AsselMike Assel

1

bumped to the homepage by Community♦ 6 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Using OpenSSL, you would add the desired X509v3 extensions, including SANs, when the CSR is signed by a CA into a certificate; the extensions to appear in the certificate do not come from the CSR itself.
  
  – Castaglia
  May 12 '16 at 18:16
  

  
  
  
  

add a comment | 

With openssl I am trying to generate a CSR using an existing cert that contains X509v3 extensions, in particular SAN. I am able to create the new CSR by running

openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key

However, when I run

openssl req -text -noout -verify -in CSR.csr

I don't see any of the X509v3 extensions that are included in the certificate. Is this possible?

ssl tls

share|improve this question

asked May 9 '16 at 19:00

Mike AsselMike Assel

1

openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key

openssl req -text -noout -verify -in CSR.csr

share|improve this question

asked May 9 '16 at 19:00

Mike AsselMike Assel

1

share|improve this question

asked May 9 '16 at 19:00

Mike AsselMike Assel

1

asked May 9 '16 at 19:00

Mike AsselMike Assel

1

asked May 9 '16 at 19:00

Mike AsselMike Assel

1

1 Answer
1

active

oldest

votes

0

From man x509:

BUGS

Extensions in certificates are not transferred to certificate requests
and vice versa.

which suggests that it is not possible.

share|improve this answer

answered May 9 '16 at 20:47

garethTheRedgarethTheRed

1,949611

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f775730%2fgenerate-a-certificate-signing-request-based-on-an-existing-certificate-with-x50%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

0

From man x509:

BUGS

Extensions in certificates are not transferred to certificate requests
and vice versa.

which suggests that it is not possible.

share|improve this answer

answered May 9 '16 at 20:47

garethTheRedgarethTheRed

1,949611

add a comment | 

0

From man x509:

BUGS

Extensions in certificates are not transferred to certificate requests
and vice versa.

which suggests that it is not possible.

share|improve this answer

answered May 9 '16 at 20:47

garethTheRedgarethTheRed

1,949611

add a comment | 

From man x509:

BUGS

Extensions in certificates are not transferred to certificate requests
and vice versa.

which suggests that it is not possible.

share|improve this answer

answered May 9 '16 at 20:47

garethTheRedgarethTheRed

1,949611

share|improve this answer

answered May 9 '16 at 20:47

garethTheRedgarethTheRed

1,949611

answered May 9 '16 at 20:47

garethTheRedgarethTheRed

1,949611

answered May 9 '16 at 20:47

garethTheRedgarethTheRed

1,949611