Tag Archives: openssl

Write CSR with SAN-attributes

Openssl.cnf[ req] distinguished_name = req_distinguished_name req_extensions = v3_req [req_distinguished_name] countryName = Country Name (2 letter code) countryName_default = US stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = MyProvince localityName = Locality Name (eg, city) localityName_default = Mycity 0.organizationName … Continue reading

Posted in OpenSSL, PKI | Tagged , , | Comments Off on Write CSR with SAN-attributes

Export av certifikat till textformat

Export av certifikat till textformat Starta Openssl via Kommandoprompt C:\Program Files (x86)\GnuWin32\bin>openssl.exe OpenSSL> pkcs12 -in C:\Temp\test.pfx -nokeys -out c:\temp\cert.txt pkcs12 –in [sökväg till pfx fil innehållande cert och nyckel] –nokeys –out [exportfil] Enter Import Password: Skriv in lösenordet som skyddar … Continue reading Continue reading

Posted in PKI | Tagged , | Comments Off on Export av certifikat till textformat

Export av privat nyckel till textformat

Export av privat nyckel till textformat Starta Openssl via Kommandoprompt C:\Program Files (x86)\GnuWin32\bin>openssl.exe OpenSSL> pkcs12 -in C:\Temp\test.pfx -nocerts -nodes -out c:\temp\key.txt pkcs12 –in [sökväg till pfx fil innehållande cert och nyckel] –nocerts –nodes –out [exportfil] Enter Import Password: Skriv in … Continue reading Continue reading

Posted in PKI | Tagged , | Comments Off on Export av privat nyckel till textformat

Publish a CRL created with Openssl into Active Directory

When you sign a CRL with Openssl you don’t have the attribute “Published CRL Locations”. It tells where the revocation lists are or should be published. Without this attribute there is no way for certutil to know where to save … Continue reading

Posted in Active Directory, PKI | Tagged , , , , , | Comments Off on Publish a CRL created with Openssl into Active Directory

Write a CSR to a CA with Openssl

If you order i.e a wildcart certificate you dont want to generate the keys on a webserver because you cant just export them without special tools. Instead you can use openssl to make the CSR. 1. First we create a … Continue reading

Posted in PKI | Tagged , , , , | Comments Off on Write a CSR to a CA with Openssl

Working with openssl and pkcs12 files

Extract the private key without password (encryption) from your pkcs12 file openssl >pkcs12 –in keyexport.pfx –nocerts –nodes –out keyexport.prv Enter the password used to create your pkcs12 (.pfx) file Extract the private with password (encryption) from your pkcs12 file openssl >pkcs12 –in keyexport.pfx … Continue reading

Posted in PKI | Tagged , | Comments Off on Working with openssl and pkcs12 files