extfile
parameter.
file containing certificate extensions to use. If not specified then no extensions are added to the certificate.In following command we are using this parameter to override default extensions by providing our custom extension file
my-openssl-client-auth.cnf
. In this file we can only provide the extensions which we need to override.
openssl x509 -req -days 365 -in childcertificate.csr -CA mycertificate.crt -CAkey mycertificate.key -set_serial 01 -out childcertificate.crt -extfile C:\Test\Openssl\my-openssl-client-auth.cnfIn this exmaple, our custom extension file(
my-openssl-client-auth.cnf
) contains the following content to override only one extension property extendedKeyUsage
extendedKeyUsage = clientAuth
clientAuth
tells the openssl to create certificate for the purpose of only Client Authentication.
References:
No comments:
Post a Comment