Openssl x509v3 Extended Key Usage

openssl x509certificate
David Caissy picture David Caissy · Jun 13, 2013 · Viewed 51.3k times · Source

I know you can specify the purpose for which a certificate public key can be used for by adding a line like this one in the openssl.cfg file:

extendedKeyUsage=serverAuth,clientAuth

But since I have several certificates to create, each with a different extended key usage, is it possible to specify which attribute I need in the command line (without using the openssl.cfg file)? Something like:

openssl req -newkey rsa:4096 \
            -extendedKeyUsage "serverAuth,clientAuth" \
            -keyform PEM \
            -keyout server-key.pem \
            -out server-req.csr \
            -outform PEM

Thanks!

Answer

patrikbeno picture patrikbeno · Nov 19, 2013

You can only use something like this:

openssl -extensions mysection -config myconfig.cnf

and myconfig.cnf:

[mysection]
keyUsage         = digitalSignature
extendedKeyUsage = codeSigning

I am not aware of command line interface to this functionality.

Related questions

How to create a self-signed certificate with OpenSSL

I'm adding HTTPS support to an embedded Linux device. I have tried to generate a self-signed certificate with these steps: openssl req -new > cert.csr openssl rsa -in privkey.pem -out key.pem openssl x509 -in cert.csr -out …

Read More
curl: (60) SSL certificate problem: unable to get local issuer certificate

root@sclrdev:/home/sclr/certs/FreshCerts# curl --ftp-ssl --verbose ftp://{abc}/ -u trup:trup --cacert /etc/ssl/certs/ca-certificates.crt * About to connect() to {abc} port 21 (#0) * Trying {abc}... * Connected to {abc} ({abc}) port 21 (#0) < 220-Cerberus FTP Server - Home Edition &…

Read More
Export P7b file with all the certificate chain into CER file

I have p7b file provided by Thwate.When I am trying to export the certificate in the cer file using the below command, the certificate chain is not included. Please suggest how to do the same. This CER is …

Read More