Generate a certificate signing request based on an existing certificate with x509v3 extensionsDovecot and...
Is there a working SACD iso player for Ubuntu?
What should you do if you miss a job interview (deliberately)?
Creepy dinosaur pc game identification
Not using 's' for he/she/it
Offered money to buy a house, seller is asking for more to cover gap between their listing and mortgage owed
Drawing ramified coverings with tikz
Strong empirical falsification of quantum mechanics based on vacuum energy density
Freedom of speech and where it applies
Store Credit Card Information in Password Manager?
Closed-form expression for certain product
Non-trope happy ending?
How do I color the graph in datavisualization?
What should you do when eye contact makes your subordinate uncomfortable?
Removing files under particular conditions (number of files, file age)
What was this official D&D 3.5e Lovecraft-flavored rulebook?
In Qur'an 7:161, why is "say the word of humility" translated in various ways?
Should I stop contributing to retirement accounts?
What is the evidence for the "tyranny of the majority problem" in a direct democracy context?
Is this toilet slogan correct usage of the English language?
Problem with TransformedDistribution
When a Cleric spontaneously casts a Cure Light Wounds spell, will a Pearl of Power recover the original spell or Cure Light Wounds?
Yosemite Fire Rings - What to Expect?
Argument list too long when zipping large list of certain files in a folder
Does an advisor owe his/her student anything? Will an advisor keep a PhD student only out of pity?
Generate a certificate signing request based on an existing certificate with x509v3 extensions
Dovecot and StartSSL problems with issuerSSL Error - unable to read server certificate from filepipe Certificate Signing Request into opennsl x509 commandSSL Library Error: X509_check_private_key:key values mismatchOpenvpn signing certificates with wrong CAHow to create ssl certificate for multiple domains which requires the CA root key in LinuxCan Subject Alternative Name(SAN) Certificate install on different Web Server or OS?Self-signed cert with Subject Alternative NamesSSL client certificationGenerate SSL certificate files from text file
With openssl I am trying to generate a CSR using an existing cert that contains X509v3 extensions, in particular SAN. I am able to create the new CSR by running
openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key
However, when I run
openssl req -text -noout -verify -in CSR.csr
I don't see any of the X509v3 extensions that are included in the certificate. Is this possible?
ssl tls
bumped to the homepage by Community♦ 6 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
With openssl I am trying to generate a CSR using an existing cert that contains X509v3 extensions, in particular SAN. I am able to create the new CSR by running
openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key
However, when I run
openssl req -text -noout -verify -in CSR.csr
I don't see any of the X509v3 extensions that are included in the certificate. Is this possible?
ssl tls
bumped to the homepage by Community♦ 6 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
Using OpenSSL, you would add the desired X509v3 extensions, including SANs, when the CSR is signed by a CA into a certificate; the extensions to appear in the certificate do not come from the CSR itself.
– Castaglia
May 12 '16 at 18:16
add a comment |
With openssl I am trying to generate a CSR using an existing cert that contains X509v3 extensions, in particular SAN. I am able to create the new CSR by running
openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key
However, when I run
openssl req -text -noout -verify -in CSR.csr
I don't see any of the X509v3 extensions that are included in the certificate. Is this possible?
ssl tls
With openssl I am trying to generate a CSR using an existing cert that contains X509v3 extensions, in particular SAN. I am able to create the new CSR by running
openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key
However, when I run
openssl req -text -noout -verify -in CSR.csr
I don't see any of the X509v3 extensions that are included in the certificate. Is this possible?
ssl tls
ssl tls
asked May 9 '16 at 19:00
Mike AsselMike Assel
1
1
bumped to the homepage by Community♦ 6 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 6 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
Using OpenSSL, you would add the desired X509v3 extensions, including SANs, when the CSR is signed by a CA into a certificate; the extensions to appear in the certificate do not come from the CSR itself.
– Castaglia
May 12 '16 at 18:16
add a comment |
Using OpenSSL, you would add the desired X509v3 extensions, including SANs, when the CSR is signed by a CA into a certificate; the extensions to appear in the certificate do not come from the CSR itself.
– Castaglia
May 12 '16 at 18:16
Using OpenSSL, you would add the desired X509v3 extensions, including SANs, when the CSR is signed by a CA into a certificate; the extensions to appear in the certificate do not come from the CSR itself.
– Castaglia
May 12 '16 at 18:16
Using OpenSSL, you would add the desired X509v3 extensions, including SANs, when the CSR is signed by a CA into a certificate; the extensions to appear in the certificate do not come from the CSR itself.
– Castaglia
May 12 '16 at 18:16
add a comment |
1 Answer
1
active
oldest
votes
From man x509
:
BUGS
Extensions in certificates are not transferred to certificate requests
and vice versa.
which suggests that it is not possible.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f775730%2fgenerate-a-certificate-signing-request-based-on-an-existing-certificate-with-x50%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
From man x509
:
BUGS
Extensions in certificates are not transferred to certificate requests
and vice versa.
which suggests that it is not possible.
add a comment |
From man x509
:
BUGS
Extensions in certificates are not transferred to certificate requests
and vice versa.
which suggests that it is not possible.
add a comment |
From man x509
:
BUGS
Extensions in certificates are not transferred to certificate requests
and vice versa.
which suggests that it is not possible.
From man x509
:
BUGS
Extensions in certificates are not transferred to certificate requests
and vice versa.
which suggests that it is not possible.
answered May 9 '16 at 20:47
garethTheRedgarethTheRed
1,949611
1,949611
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f775730%2fgenerate-a-certificate-signing-request-based-on-an-existing-certificate-with-x50%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Using OpenSSL, you would add the desired X509v3 extensions, including SANs, when the CSR is signed by a CA into a certificate; the extensions to appear in the certificate do not come from the CSR itself.
– Castaglia
May 12 '16 at 18:16