Pass the subject via the “-subj” argument: openssl req -new -key <private key file> -out <CSR output file> -subj “/C=<Country Name>/ST=<State>/L=<Locality Name>/O=<Organization Name>/CN=<Common Name>” Note that if you want to have OpenSSL build the subject string for you, you can create the CSR as you normally would, and then execute the command to self-sign it. … Read more
CSR file is the Certificate Signing Request. It contains the information which is needed to generate a certificate based on your private key and information about the WebSite. CER is the certificate itself (which you install into your Web browser). There is basically no way to convert directly from one to another as you need … Read more
Also make sure you use Safari for uploading. I tried Chrome and it always failed. Then I switched to Safari and it worked with the same CSR.
It’s not .NET, but for interactive use, try the OpenSSL utilities. Specifically: openssl req -text -in request.csr
You need to specify an extensions file. For example: openssl x509 -days 365 -in myCSR.csr -extfile v3.ext -CA myCA.crt -CAkey myCA.key -CAcreateserial -out userCertificate.crt The extensions file (v3.ext) can look like this: authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
As of 2020, RSA keys should be 2048 bits. 1024 bits 1024 bits RSA certificates are obsolete and not accepted by browsers. Firefox stopped accepting 1024 bits RSA certificates in 2014. Certificate authorities stopped delivering 1024 bits RSA certificates in 2014 or before. See GlobalSign or Comodo notice. 1024 bits keys were deprecated because they … Read more
1. Using the x509 module openssl x509 … … 2 Using the ca module openssl ca … … You are missing the prelude to those commands. This is a two-step process. First you set up your CA, and then you sign an end entity certificate (a.k.a server or user). Both of the two commands elide … Read more