Ping a Specific Port

Question

mighq

Asked: 2013-11-10 16:59:13 +0800 CST2013-11-10 16:59:13 +0800 CST 2013-11-10 16:59:13 +0800 CST

override specific DN fields when signing csr

772

When signing CSR on CA side, how can I override specific DN fields by custom value? I want to ignore what is written in CSR. For example in C= and O= fields and replace them by something static. Other values, like CN=, should be accepted from CSR.

openssl/ca/policy configuration only supports match and supplied options.

1 Answers

Voted

Daniel Abson · Answer 1 · 2015-01-14T07:59:26+08:00

Best Answer

Daniel Abson

2015-01-14T07:59:26+08:002015-01-14T07:59:26+08:00

There isn't a way to override a field from the CSR using the OpenSSL configuration file. The configuration file can only supply default values. There are two options that I can see:

If you're using the openssl ca command to sign a CSR, you can override the subject from the CSR using the -subject argument. So, get the subject from the CSR (openssl req -noout -subject -in req.pem), search-and-replace the fields you want to change, and specify the altered subject on the command line with -subject.
If the static fields that you want are always going to have the same value, you could build your CA certificate so that your policy configuration can specify match for the static fields, i.e. your CA certificate contains the static values in its own fields (e.g. O, OU).

4

override specific DN fields when signing csr

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?