=pod
{- OpenSSL::safe::output_do_not_edit_headers(); -}

=head1 NAME

openssl-req - PKCS#10 certificate request and certificate generating command

=head1 SYNOPSIS

B<openssl> B<req>
[B<-help>]
[B<-cipher> I<name>]
[B<-inform> B<DER>|B<PEM>]
[B<-outform> B<DER>|B<PEM>]
[B<-in> I<filename>]
[B<-passin> I<arg>]
[B<-out> I<filename>]
[B<-passout> I<arg>]
[B<-text>]
[B<-pubkey>]
[B<-noout>]
[B<-verify>]
[B<-modulus>]
[B<-new>]
[B<-newkey> I<arg>]
[B<-pkeyopt> I<opt>:I<value>]
[B<-noenc>]
[B<-nodes>]
[B<-key> I<filename>|I<uri>]
[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-keyout> I<filename>]
[B<-keygen_engine> I<id>]
[B<-I<digest>>]
[B<-config> I<filename>]
[B<-section> I<name>]
[B<-x509>]
[B<-x509v1>]
[B<-CA> I<filename>|I<uri>]
[B<-CAkey> I<filename>|I<uri>]
[B<-not_before> I<date>]
[B<-not_after> I<date>]
[B<-days> I<n>]
[B<-set_serial> I<n>]
[B<-newhdr>]
[B<-copy_extensions> I<arg>]
[B<-extensions> I<section>]
[B<-reqexts> I<section>]
[B<-addext> I<ext>]
[B<-precert>]
[B<-utf8>]
[B<-reqopt> I<option>]
[B<-subject>]
[B<-subj> I<arg>]
[B<-multivalue-rdn>]
[B<-sigopt> I<nm>:I<v>]
[B<-vfyopt> I<nm>:I<v>]
[B<-batch>]
[B<-verbose>]
[B<-quiet>]
{- $OpenSSL::safe::opt_name_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}

=head1 DESCRIPTION

This command primarily creates and processes certificate requests (CSRs)
in PKCS#10 format. It can additionally create self-signed certificates,
for use as root CAs for example.

=head1 OPTIONS

=over 4

=item B<-help>

Print out a usage message.

=item B<-inform> B<DER>|B<PEM>

The CSR input file format to use; by default PEM is tried first.
See L<openssl-format-options(1)> for details.

=item B<-outform> B<DER>|B<PEM>

The output format; unspecified by default.
See L<openssl-format-options(1)> for details.

The data is a PKCS#10 object.

=item B<-cipher> I<name>

Specify the cipher to be used for encrypting the private key.
If no cipher is specified, AES-256-CBC will be used by default.
You can override this by providing any valid OpenSSL cipher name.

=item B<-in> I<filename>

This specifies the input filename to read a request from.
This defaults to standard input unless B<-x509> or B<-CA> is specified.
A request is only read if the creation options
(B<-new> or B<-newkey> or B<-precert>) are not specified.

=item B<-sigopt> I<nm>:I<v>

Pass options to the signature algorithm during sign operations.
Names and values of these options are algorithm-specific.

=item B<-vfyopt> I<nm>:I<v>

Pass options to the signature algorithm during verify operations.
Names and values of these options are algorithm-specific.

=begin comment

Maybe it would be preferable to only have -opts instead of -sigopt and
-vfyopt? They are both present here to be compatible with L<openssl-ca(1)>,
which supports both options for good reasons.

=end comment

=item B<-passin> I<arg>

The password source for private key and certificate input.
For more information about the format of B<arg>
see L<openssl-passphrase-options(1)>.

=item B<-passout> I<arg>

The password source for the output file.
For more information about the format of B<arg>
see L<openssl-passphrase-options(1)>.

=item B<-out> I<filename>

This specifies the output filename to write to, or standard output by default.

=item B<-text>

Prints out the certificate request in text form.

=item B<-subject>

Prints out the certificate request subject
(or certificate subject if B<-x509> is in use).

=item B<-pubkey>

Prints out the public key.


=item B<-noout>

This option prevents output of the encoded version of the certificate request.

=item B<-modulus>

Prints out the value of the modulus of the public key contained in the request.

=item B<-verify>

Verifies the self-signature on the request. If the verification fails,
the program will immediately exit, i.e. further option processing
(e.g. B<-text>) is skipped.

=item B<-new>

This option generates a new certificate request. It will prompt
the user for the relevant field values. The actual fields
prompted for and their maximum and minimum sizes are specified
in the configuration file and any requested extensions.

If the B<-key> option is not given it will generate a new private key
using information specified in the configuration file or given with
the B<-newkey> and B<-pkeyopt> options,
else by default an RSA key with 2048 bits length.

=item B<-newkey> I<arg>

This option is used to generate a new private key unless B<-key> is given.
It is subsequently used as if it was given using the B<-key> option.

This option implies the B<-new> flag to create a new certificate request
or a new certificate in case B<-x509> is used.

The argument takes one of several forms.

[B<rsa:>]I<nbits> generates an RSA key I<nbits> in size.
If I<nbits> is omitted, i.e., B<-newkey> B<rsa> is specified,
the default key size specified in the configuration file
with the B<default_bits> option is used if present, else 2048.

All other algorithms support the B<-newkey> I<algname>:I<file> form, where
I<file> is an algorithm parameter file, created with C<openssl genpkey -genparam>
or an X.509 certificate for a key with appropriate algorithm.

B<param:>I<file> generates a key using the parameter file or certificate
I<file>; the algorithm is determined by the parameters.

I<algname>[:I<file>] generates a key using the given algorithm I<algname>.
If a parameter file I<file> is given then the parameters specified there
are used, where the algorithm parameters must match I<algname>.
If algorithm parameters are not given,
any necessary parameters should be specified via the B<-pkeyopt> option.

B<dsa:>I<filename> generates a DSA key using the parameters
in the file I<filename>. B<ec:>I<filename> generates an EC key (usable both with
ECDSA or ECDH algorithms), B<gost2001:>I<filename> generates a GOST R
34.10-2001 key (requires the B<gost> engine configured in the configuration
file). If just B<gost2001> is specified a parameter set should be
specified by B<-pkeyopt> I<paramset:X>.

=item B<-pkeyopt> I<opt>:I<value>

Set the public key algorithm option I<opt> to I<value>. The precise set of
options supported depends on the public key algorithm used and its
implementation.
See L<openssl-genpkey(1)/KEY GENERATION OPTIONS> for more details.

=item B<-key> I<filename>|I<uri>

This option provides the private key for signing a new certificate or
certificate request.
Unless B<-in> is given, the corresponding public key is placed in
the new certificate or certificate request, resulting in a self-signature.

For certificate signing this option is overridden by the B<-CA> option.

This option also accepts PKCS#8 format private keys for PEM format files.

=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>

The format of the private key; unspecified by default.
See L<openssl-format-options(1)> for details.

=item B<-keyout> I<filename>

This gives the filename to write any private key to that has been newly created
or read from B<-key>. If neither the B<-keyout> option nor the B<-key> option
are given then the filename specified in the configuration file with the
B<default_keyfile> option is used, if present.
Thus, if you want to write the
private key and the B<-key> option is provided, you should provide the
B<-keyout> option explicitly. If a new key is generated and no filename is
specified the key is written to standard output.

=item B<-noenc>

If this option is specified then if a private key is created it
will not be encrypted.

=item B<-nodes>

This option is deprecated since OpenSSL 3.0; use B<-noenc> instead.

=item B<-I<digest>>

This specifies the message digest to sign the request.
Any digest supported by the OpenSSL B<dgst> command can be used.
This overrides the digest algorithm specified in
the configuration file.

Some public key algorithms may override this choice. For instance, DSA
signatures always use SHA1, GOST R 34.10 signatures always use
GOST R 34.11-94 (B<-md_gost94>), Ed25519 and Ed448 never use any digest.

=item B<-config> I<filename>

This allows an alternative configuration file to be specified.
Optional; for a description of the default value,
see L<openssl(1)/COMMAND SUMMARY>.

=item B<-section> I<name>

Specifies the name of the section to use; the default is B<req>.

=item B<-subj> I<arg>

Sets subject name for new request or supersedes the subject name
when processing a certificate request.

The arg must be formatted as C</type0=value0/type1=value1/type2=...>.
Special characters may be escaped by C<\> (backslash), whitespace is retained.
Empty values are permitted, but the corresponding type will not be included
in the request.
Giving a single C</> will lead to an empty sequence of RDNs (a NULL-DN).
Multi-valued RDNs can be formed by placing a C<+> character instead of a C</>
between the AttributeValueAssertions (AVAs) that specify the members of the set.
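
The following Python snippet is an added illustration, not OpenSSL code and
not part of this manual page. It parses an argument in the format above into
RDNs, honouring the backslash escape, the C<+> separator, skipped empty values
and the lone C</>, and builds such an argument back from RDNs, escaping C</>,
C<+> and C<\> so that a value taken from a database or a user cannot introduce
an RDN or AVA of its own. The names C<parse_subj>, C<format_subj> and
C<is_valid_subj> are the example's own; attribute types are kept as text and
not resolved to OIDs.

```python
"""Parse and build the ``/type0=value0/type1=value1/...`` subject syntax.

Added illustration for the openssl-req manual page; not OpenSSL code. It
follows the documented rules: leading '/', '/'-separated RDNs, '+' instead
of '/' joins AVAs into one multi-valued RDN, a backslash escapes the next
character (whitespace is kept as-is), an empty value drops that attribute,
and a lone '/' is the empty name (NULL-DN).
"""

# One RDN is a list of (type, value) AVAs; a DN is a list of RDNs.
RDN = list[tuple[str, str]]
DN = list[RDN]


class SubjectSyntaxError(ValueError):
    """The argument does not follow the documented -subj format."""


def parse_subj(arg: str) -> DN:
    """Split a -subj argument into RDNs, honouring escapes and '+'."""
    if not arg.startswith("/"):
        raise SubjectSyntaxError("name must start with '/'")
    rdns: DN = []
    i, n = 1, len(arg)
    join_with_previous = False  # the previous AVA ended with an unescaped '+'
    while i < n:
        # The type runs up to the first '='; it is never escaped.
        eq = arg.find("=", i)
        if eq < 0:
            raise SubjectSyntaxError(f"missing '=' after RDN type {arg[i:]!r}")
        rdn_type = arg[i:eq]
        if not rdn_type:
            raise SubjectSyntaxError("empty RDN type")
        i = eq + 1
        # The value runs to the next unescaped '/' or '+'.
        chars: list[str] = []
        next_is_multi = False
        while i < n:
            c = arg[i]
            if c == "\\":
                if i + 1 >= n:
                    raise SubjectSyntaxError("escape character at end of name")
                chars.append(arg[i + 1])  # the escaped character is literal
                i += 2
                continue
            i += 1
            if c == "/":
                break
            if c == "+":
                next_is_multi = True
                break
            chars.append(c)
        value = "".join(chars)
        if value:  # an empty value is permitted but the attribute is dropped
            if join_with_previous and rdns:
                rdns[-1].append((rdn_type, value))
            else:
                rdns.append([(rdn_type, value)])
        join_with_previous = next_is_multi
    return rdns


def is_valid_subj(arg: str) -> bool:
    """True if parse_subj accepts the argument."""
    try:
        parse_subj(arg)
    except SubjectSyntaxError:
        return False
    return True


def _escape(value: str) -> str:
    """Escape the three characters that would otherwise change the structure."""
    return value.replace("\\", "\\\\").replace("/", "\\/").replace("+", "\\+")


def format_subj(dn: DN) -> str:
    """Build a -subj argument from RDNs. Values are escaped so that a common
    name such as 'a/b' cannot add an RDN; empty values are dropped; an empty
    DN becomes the lone '/'."""
    parts = []
    for rdn in dn:
        avas = [f"{t}={_escape(v)}" for t, v in rdn if v]
        if avas:
            parts.append("/" + "+".join(avas))
    return "".join(parts) or "/"


if __name__ == "__main__":
    example = "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe"  # from the manual
    for rdn in parse_subj(example):
        print(rdn)
    # A value containing '/' is escaped when the argument is built.
    print(format_subj([[("C", "GB")], [("CN", "acme/internal")]]))
```

The builder is the part that matters when subject values come from elsewhere:
an unescaped C</> or C<+> inside a common name would be read as the start of
a new RDN or AVA, so the example escapes those characters before the string
reaches B<-subj>.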
Example:

C</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>

=item B<-multivalue-rdn>

This option has been deprecated and has no effect.

=item B<-x509>

This option outputs a certificate instead of a certificate request.
This is typically used to generate test certificates.
It is implied by the B<-CA> option.

This option implies the B<-new> flag if B<-in> is not given.

If an existing request is specified with the B<-in> option, it is converted
to a certificate; otherwise a request is created from scratch.

Unless specified using the B<-set_serial> option,
a large random number will be used for the serial number.

Unless the B<-copy_extensions> option is used,
X.509 extensions are not copied from any provided request input file.

X.509 extensions to be added can be specified in the configuration file,
possibly using the B<-config> and B<-extensions> options,
and/or using the B<-addext> option.

Unless B<-x509v1> is given, generated certificates bear X.509 version 3.
Unless specified otherwise,
key identifier extensions are included as described in L<x509v3_config(5)>.

=item B<-x509v1>

Request generation of certificates with X.509 version 1.
This implies B<-x509>.
If X.509 extensions are given, X.509 version 3 is set anyway.

=item B<-CA> I<filename>|I<uri>

Specifies the "CA" certificate to be used for signing a new certificate
and implies use of B<-x509>.
When present, this behaves like a "micro CA" as follows:
The subject name of the "CA" certificate is placed as issuer name in the new
certificate, which is then signed using the "CA" key given as specified below.

=item B<-CAkey> I<filename>|I<uri>

Sets the "CA" private key to sign a certificate with.
The private key must match the public key of the certificate given with B<-CA>.
If this option is not provided then the key must be present in the B<-CA> input.

=item B<-not_before> I<date>

When B<-x509> is in use this allows the start date to be explicitly set,
otherwise it is ignored. The format of I<date> is YYMMDDHHMMSSZ (the
same as an ASN1 UTCTime structure), or YYYYMMDDHHMMSSZ (the same as an
ASN1 GeneralizedTime structure). In both formats, seconds SS and
timezone Z must be present.
Alternatively, you can also use "today".

=item B<-not_after> I<date>

When B<-x509> is in use this allows the expiry date to be explicitly
set, otherwise it is ignored. The format of I<date> is YYMMDDHHMMSSZ
(the same as an ASN1 UTCTime structure), or YYYYMMDDHHMMSSZ (the same as
an ASN1 GeneralizedTime structure). In both formats, seconds SS and
timezone Z must be present.
Alternatively, you can also use "today".

This overrides the B<-days> option.

=item B<-days> I<n>

When B<-x509> is in use this specifies the number of days from today to
certify the certificate for, otherwise it is ignored. I<n> should
be a positive integer. The default is 30 days.

Regardless of the option B<-not_before>, the days are always counted from
today.
When used together with the option B<-not_after>, the explicit expiry
date takes precedence.

=item B<-set_serial> I<n>

Serial number to use when outputting a self-signed certificate.
This may be specified as a decimal value or a hex value if preceded by C<0x>.
If not given, a large random number will be used.

=item B<-copy_extensions> I<arg>

Determines how X.509 extensions in certificate requests should be handled
when B<-x509> is in use.
If I<arg> is B<none> or this option is not present then extensions are ignored.
If I<arg> is B<copy> or B<copyall> then
all extensions in the request are copied to the certificate.


The main use of this option is to allow a certificate request to supply
values for certain extensions such as subjectAltName.

=item B<-extensions> I<section>,
B<-reqexts> I<section>

Can be used to override the name of the configuration file section
from which X.509 extensions are included
in the certificate (when B<-x509> is in use) or certificate request.
This allows several different sections to be used in the same configuration
file to specify requests for a variety of purposes.

=item B<-addext> I<ext>

Add a specific extension to the certificate (if B<-x509> is in use)
or certificate request. The argument must have the form of
a C<key=value> pair as it would appear in a config file.

If an extension is added using this option that has the same OID as one
defined in the extension section of the config file, it overrides that one.

This option can be given multiple times.
If so, the same key must not be given more than once.

=item B<-precert>

A poison extension will be added to the certificate, making it a
"pre-certificate" (see RFC6962). This can be submitted to Certificate
Transparency logs in order to obtain signed certificate timestamps (SCTs).
These SCTs can then be embedded into the pre-certificate as an extension, before
removing the poison and signing the certificate.

This implies the B<-new> flag.

=item B<-utf8>

This option causes field values to be interpreted as UTF8 strings; by
default they are interpreted as ASCII. This means that the field
values, whether prompted from a terminal or obtained from a
configuration file, must be valid UTF8 strings.

=item B<-reqopt> I<option>

Customise the printing format used with B<-text>. The I<option> argument can be
a single option or multiple options separated by commas.

See discussion of the B<-certopt> parameter in the L<openssl-x509(1)>
command.


=item B<-newhdr>

Adds the word B<NEW> to the PEM file header and footer lines on the outputted
request. Some software (Netscape certificate server) and some CAs need this.

=item B<-batch>

Non-interactive mode.

=item B<-verbose>

Print extra details about the operations being performed.

=item B<-quiet>

Print fewer details about the operations being performed, which may be
handy during batch scripts or pipelines (specifically "progress dots"
during key generation are suppressed).

=item B<-keygen_engine> I<id>

Specifies an engine (by its unique I<id> string) which would be used
for key generation operations.

{- $OpenSSL::safe::opt_name_item -}

{- $OpenSSL::safe::opt_r_item -}

{- $OpenSSL::safe::opt_engine_item -}

{- $OpenSSL::safe::opt_provider_item -}

=back

=head1 CONFIGURATION FILE FORMAT

The configuration options are specified in the B<req> section of
the configuration file. An alternate name can be specified by using the
B<-section> option.
As with all configuration files, if no
value is specified in the specific section then
the initial unnamed or B<default> section is searched too.

The options available are described in detail below.

=over 4

=item B<input_password>, B<output_password>

The passwords for the input private key file (if present) and
the output private key file (if one will be created). The
command line options B<-passin> and B<-passout> override the
configuration file values.

=item B<default_bits>

Specifies the default key size in bits.

This option is used in conjunction with the B<-new> option to generate
a new key. It can be overridden by specifying an explicit key size in
the B<-newkey> option. The smallest accepted key size is 512 bits. If
no key size is specified then 2048 bits is used.


=item B<default_keyfile>

This is the default filename to write a private key to. If not
specified the key is written to standard output. This can be
overridden by the B<-keyout> option.

=item B<oid_file>

This specifies a file containing additional B<OBJECT IDENTIFIERS>.
Each line of the file should consist of the numerical form of the
object identifier followed by whitespace then the short name followed
by whitespace and finally the long name.

=item B<oid_section>

This specifies a section in the configuration file containing extra
object identifiers. Each line should consist of the short name of the
object identifier followed by B<=> and the numerical form. The short
and long names are the same when this option is used.

=item B<RANDFILE>

At startup the specified file is loaded into the random number generator,
and at exit 256 bytes will be written to it.
It is used for private key generation.

=item B<encrypt_key>

If this is set to B<no> then if a private key is generated it is
B<not> encrypted. This is equivalent to the B<-noenc> command line
option. For compatibility B<encrypt_rsa_key> is an equivalent option.

=item B<default_md>

This option specifies the digest algorithm to use. Any digest supported by the
OpenSSL B<dgst> command can be used. This option can be overridden on the
command line. Certain signing algorithms (i.e. Ed25519 and Ed448) will ignore
any digest that has been set.

=item B<string_mask>

This option masks out the use of certain string types in certain
fields. Most users will not need to change this option.
It can be set to
several values:

=over 4

=item B<utf8only>
- only UTF8Strings are used (this is the default value)

=item B<pkix>
- any string type except T61Strings

=item B<nombstr>
- any string type except BMPStrings and UTF8Strings

=item B<default>
- any kind of string type

=back

Note that B<utf8only> is the PKIX recommendation in RFC2459 after 2003, and the
default B<string_mask>; B<default> is not the default option. The B<nombstr>
value is a workaround for some software that has problems with variable-sized
BMPStrings and UTF8Strings.

=item B<req_extensions>

This specifies the configuration file section containing a list of
extensions to add to the certificate request. It can be overridden
by the B<-reqexts> (or B<-extensions>) command line switch. See the
L<x509v3_config(5)> manual page for details of the
extension section format.

=item B<x509_extensions>

This specifies the configuration file section containing a list of
extensions to add to the certificate generated when B<-x509> is in use.
It can be overridden by the B<-extensions> command line switch.

=item B<prompt>

If set to the value B<no> this disables prompting of certificate fields
and just takes values from the config file directly. It also changes the
expected format of the B<distinguished_name> and B<attributes> sections.

=item B<utf8>

If set to the value B<yes> then field values are interpreted as UTF8
strings; by default they are interpreted as ASCII. This means that
the field values, whether prompted from a terminal or obtained from a
configuration file, must be valid UTF8 strings.

=item B<attributes>

This specifies the section containing any request attributes: its format
is the same as B<distinguished_name>. Typically these may contain the
challengePassword or unstructuredName types.
They are currently ignored
by OpenSSL's request signing utilities but some CAs might want them.

=item B<distinguished_name>

This specifies the section containing the distinguished name fields to
prompt for when generating a certificate or certificate request. The format
is described in the next section.

=back

=head1 DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT

There are two separate formats for the distinguished name and attribute
sections. If the B<prompt> option is set to B<no> then these sections
just consist of field names and values: for example,

 CN=My Name
 OU=My Organization
 emailAddress=someone@somewhere.org

This allows external programs (e.g. GUI based) to generate a template file with
all the field names and values and just pass it to this command. An example
of this kind of configuration file is contained in the B<EXAMPLES> section.

Alternatively if the B<prompt> option is absent or not set to B<no> then the
file contains field prompting information. It consists of lines of the form:

 fieldName="prompt"
 fieldName_default="default field value"
 fieldName_min= 2
 fieldName_max= 4

"fieldName" is the field name being used, for example commonName (or CN).
The "prompt" string is used to ask the user to enter the relevant
details. If the user enters nothing then the default value is used; if no
default value is present then the field is omitted. A field can
still be omitted even if a default value is present if the user just
enters the '.' character.

The number of characters entered must be between the fieldName_min and
fieldName_max limits: there may be additional restrictions based
on the field being used (for example countryName can only ever be
two characters long and must fit in a PrintableString).

Some fields (such as organizationName) can be used more than once
in a DN.
This presents a problem because configuration files will
not recognize the same name occurring twice. To avoid this problem
if the fieldName contains some characters followed by a full stop
they will be ignored. So for example a second organizationName can
be input by calling it "1.organizationName".

The actual permitted field names are any object identifier short or
long names. These are compiled into OpenSSL and include the usual
values such as commonName, countryName, localityName, organizationName,
organizationalUnitName, stateOrProvinceName. Additionally emailAddress
is included as well as name, surname, givenName, initials, and dnQualifier.

Additional object identifiers can be defined with the B<oid_file> or
B<oid_section> options in the configuration file. Any additional fields
will be treated as though they were a DirectoryString.

=head1 EXAMPLES

Examine and verify certificate request:

 openssl req -in req.pem -text -verify -noout

Specify the cipher to be used for encrypting the private key:

 openssl req -newkey rsa:2048 -keyout privatekey.pem -out request.csr -cipher aes-256-cbc

Create a private key and then generate a certificate request from it:

 openssl genrsa -out key.pem 2048
 openssl req -new -key key.pem -out req.pem

The same but just using req:

 openssl req -newkey rsa:2048 -keyout key.pem -out req.pem

Generate a self-signed root certificate:

 openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem

Create an SM2 private key and then generate a certificate request from it:

 openssl ecparam -genkey -name SM2 -out sm2.key
 openssl req -new -key sm2.key -out sm2.csr -sm3 -sigopt "distid:1234567812345678"

Examine and verify an SM2 certificate request:

 openssl req -verify -in sm2.csr -sm3 -vfyopt "distid:1234567812345678"

Example of a file pointed to by the B<oid_file> option:


 1.2.3.4 shortName A longer Name
 1.2.3.6 otherName Other longer Name

Example of a section pointed to by B<oid_section> making use of variable
expansion:

 testoid1=1.2.3.5
 testoid2=${testoid1}.6

Sample configuration file prompting for field values:

 [ req ]
 default_bits = 2048
 default_keyfile = privkey.pem
 distinguished_name = req_distinguished_name
 attributes = req_attributes
 req_extensions = v3_ca

 dirstring_type = nobmp

 [ req_distinguished_name ]
 countryName = Country Name (2 letter code)
 countryName_default = AU
 countryName_min = 2
 countryName_max = 2

 localityName = Locality Name (eg, city)

 organizationalUnitName = Organizational Unit Name (eg, section)

 commonName = Common Name (eg, YOUR name)
 commonName_max = 64

 emailAddress = Email Address
 emailAddress_max = 40

 [ req_attributes ]
 challengePassword = A challenge password
 challengePassword_min = 4
 challengePassword_max = 20

 [ v3_ca ]

 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid:always,issuer:always
 basicConstraints = critical, CA:true

Sample configuration containing all field values:

 [ req ]
 default_bits = 2048
 default_keyfile = keyfile.pem
 distinguished_name = req_distinguished_name
 attributes = req_attributes
 prompt = no
 output_password = mypass

 [ req_distinguished_name ]
 C = GB
 ST = Test State or Province
 L = Test Locality
 O = Organization Name
 OU = Organizational Unit Name
 CN = Common Name
 emailAddress = test@email.address

 [ req_attributes ]
 challengePassword = A challenge password

Example of giving the most common attributes (subject and extensions)
on the command line:

 openssl req -new -subj "/C=GB/CN=foo" \
     -addext "subjectAltName = DNS:foo.co.uk" \
     -addext "certificatePolicies = 1.2.3.4" \
     -newkey rsa:2048 -keyout key.pem -out req.pem

=head1 NOTES

The certificate requests generated by B<Xenroll> with MSIE have extensions
added. It includes the B<keyUsage> extension which determines the type of
key (signature only or general purpose) and any additional OIDs entered
by the script in an B<extendedKeyUsage> extension.

=head1 DIAGNOSTICS

The following messages are frequently asked about:

 Using configuration from /some/path/openssl.cnf
 Unable to load config info

This is followed some time later by:

 unable to find 'distinguished_name' in config
 problems making Certificate Request

The first error message is the clue: it can't find the configuration
file! Certain operations (like examining a certificate request) don't
need a configuration file so its use isn't enforced. Generation of
certificates or requests however does need a configuration file. This
could be regarded as a bug.

Another puzzling message is this:

 Attributes:
     a0:00

This is displayed when no attributes are present and the request includes
the correct empty B<SET OF> structure (the DER encoding of which is 0xa0
0x00). If you just see:

 Attributes:

then the B<SET OF> is missing and the encoding is technically invalid (but
it is tolerated). See the description of the command line option B<-asn1-kludge>
for more information.

=head1 BUGS

OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively
treats them as ISO-8859-1 (Latin 1); Netscape and MSIE have similar behaviour.
This can cause problems if you need characters that aren't available in
PrintableStrings and you don't want to or can't use BMPStrings.

As a consequence of the T61String handling the only correct way to represent
accented characters in OpenSSL is to use a BMPString: unfortunately Netscape
currently chokes on these.
If you have to use accented characters with Netscape
and MSIE then you currently need to use the invalid T61String form.

The current prompting is not very friendly. It doesn't allow you to confirm what
you've just entered. Other things like extensions in certificate requests are
statically defined in the configuration file. Some of these, like an email
address in subjectAltName, should be input by the user.

=head1 SEE ALSO

L<openssl(1)>,
L<openssl-x509(1)>,
L<openssl-ca(1)>,
L<openssl-genrsa(1)>,
L<openssl-gendsa(1)>,
L<config(5)>,
L<x509v3_config(5)>

=head1 HISTORY

The default encryption cipher was changed from 3DES to AES-256 in OpenSSL 3.5.

The B<-section> option was added in OpenSSL 3.0.0.

The B<-multivalue-rdn> option has become obsolete in OpenSSL 3.0.0 and
has no effect.

The B<-engine> option was deprecated in OpenSSL 3.0.
The B<-nodes> option was deprecated in OpenSSL 3.0, too; use B<-noenc> instead.

The B<-reqexts> option has been made an alias of B<-extensions> in OpenSSL 3.2.

Since OpenSSL 3.2,
generated certificates bear X.509 version 3 unless B<-x509v1> is given,
and key identifier extensions are included by default.

Since OpenSSL 3.3, the B<-verify> option will exit with 1 on failure.

=head1 COPYRIGHT

Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut