I am trying to add a custom x509 extension when creating a self-signed certificate. The example code follows below. However, when I check the generated certificate, the custom extension item in the output shows with extra symbols. Am I doing something wrong?

```bash
cat <<EOT >> openssl.cnf
[ req ]
default_bits = 2048
default_md = sha256
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = California
localityName = Locality Name (eg, city)
localityName_default = San Francisco
organizationName = Organization Name (eg, company)
organizationName_default = My Company
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
commonName_default = mycompany.com
[ req_ext ]
subjectAltName = @alt_names
1.2.3.4.5 = ASN1:UTF8String:hello world
[ alt_names ]
DNS.1 = mycompany.com
EOT
# Generate the private key
openssl genpkey -algorithm RSA -out private.key -pkeyopt rsa_keygen_bits:2048
# Generate the CSR using the configuration file
openssl req -new -key private.key -out request.csr -config openssl.cnf
# Generate the self-signed certificate including the custom extension
openssl x509 -req -in request.csr -signkey private.key -out certificate.pem -extfile openssl.cnf -extensions req_ext
# Verify the certificate to ensure correct encoding
openssl x509 -in certificate.pem -text -noout
```

The output is
Replies: 1 comment
This is expected. The two dots are just part of a hexdump of the extension's value, which you configured to be a `UTF8String`. From `openssl asn1parse -i -in certificate.pem`:

The first dot is `0C`, the ASN.1 tag for `UTF8String`, and the second dot is `0B`, the length. The remaining octets encode `hello world` in ASCII.

Less clunky tools such as der-ascii show

which is what it should be.
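The byte-by-byte reading given in the reply, as an added example that is not part of the original discussion and is not OpenSSL's code: a minimal DER TLV reader in Python, run on the constructed 13-byte value that `ASN1:UTF8String:hello world` encodes to. The function names and the `dotted()` rendering of non-printable bytes are assumptions made for illustration.

```python
# Constructed sample: DER value of "ASN1:UTF8String:hello world" (tag, length, 11 content bytes).
EXT_VALUE = bytes.fromhex("0c0b68656c6c6f20776f726c64")

# Universal-class tags for a few primitive types (X.690); illustrative subset only.
TAG_NAMES = {0x04: "OCTET STRING", 0x0C: "UTF8String", 0x13: "PrintableString", 0x16: "IA5String"}

def parse_tlv(data: bytes):
    """Parse one DER TLV with a single-byte tag; return (tag, content, rest)."""
    if len(data) < 2:
        raise ValueError("truncated TLV header")
    tag, first = data[0], data[1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not handled in this example")
    offset = 2
    if first < 0x80:                      # short form: the octet is the length
        length = first
    else:                                 # long form: next n octets hold the length
        n = first & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not valid DER")
        if len(data) < 2 + n:
            raise ValueError("truncated length field")
        length = int.from_bytes(data[2:2 + n], "big")
        if length < 0x80 or data[2] == 0:
            raise ValueError("non-minimal length is not valid DER")
        offset += n
    end = offset + length
    if end > len(data):
        raise ValueError("content shorter than declared length")
    return tag, data[offset:end], data[end:]

def dotted(data: bytes) -> str:
    """Render bytes like a hexdump's text column: non-printable bytes become '.'."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data)

def describe(data: bytes) -> str:
    """Read the whole value as one TLV and name its type, length and content."""
    tag, content, rest = parse_tlv(data)
    if rest:
        raise ValueError("trailing bytes after TLV")
    name = TAG_NAMES.get(tag, f"tag 0x{tag:02X}")
    text = content.decode("utf-8") if tag == 0x0C else content.hex()
    return f"{name} (length {len(content)}): {text}"

if __name__ == "__main__":
    print(dotted(EXT_VALUE))    # raw bytes as a text column
    print(describe(EXT_VALUE))  # the same bytes read as a TLV
```

The two leading dots from `dotted()` are the tag and length octets; the content itself is intact.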