Difference between revisions of "Openssl without openssl.cnf"

From UVOO Tech Wiki
Jump to navigation Jump to search
Line 12: Line 12:
 
     -subj "${SUBJECT}" \
 
     -subj "${SUBJECT}" \
 
     -set_serial "${SERIAL}"
 
     -set_serial "${SERIAL}"
 +
 +
-CAcreateserial
 
```
 
```
  

Revision as of 05:45, 10 November 2023

https://stackoverflow.com/questions/36920558/is-there-anyway-to-specify-basicconstraints-for-openssl-cert-via-command-line 

DAYS='240'
SUBJECT='/CN=example.com/O=Example Co./OU=Engineering/L=Boston/ST=MA/C=US'
SERIAL='0x1001'

openssl req \
    -addext basicConstraints=critical,CA:TRUE,pathlen:1 \
    -outform pem -out cacert.pem \
    -key privkey.pem -new -x509 \
    -days "${DAYS}" \
    -subj "${SUBJECT}" \
    -set_serial "${SERIAL}"

-CAcreateserial

serial

https://stackoverflow.com/questions/66357451/why-does-signing-a-certificate-require-cacreateserial-argument

Retrieved from "https://tech.uvoo.io/index.php?title=Openssl_without_openssl.cnf&oldid=4646"