We are moving from OpenSSL to Java to handle CSRs for our CA. Our devices require a custom 'description' field as part of the Subject sequence.
(Related link) https://linux.die.net/man/3/x509_name_get_text_by_nid The following command line fails (we are using a HSM but that's not relevant to the question) java -Dprotect=module -DignorePassphrase=true sun.security.tools.keytool.Main -certreq -alias myalias -file c:\mycerts\certs\cert23may.csr.pem -keypass 000000 -dname "C=US,ST=CA,L=Cupertino,O=Apple\ Computer,OU=MyUnit,CN=MyServer,description=1495543419" -keystore c:\mycerts\private\may18_2017.ncsw -sigalg SHA256withECDSA -storepass 000000 -storetype nCipher.sworld keytool error: java.io.IOException: Invalid keyword "DESCRIPTION" Similar OpenSSL command: openssl req -config openssl_cp2.cnf -new -days 9100 -key /mycerts/private/private.key.pem -out /certs/csr/my.csr.pem -subj "/C=US/ST=CA/L=Cupertino/O=Apple\ Computer/OU=MyUnit/CN=MyServer/description=1495543419" -verify I've dug around and have not found a way to get Java keytool to take the custom description=xxxx field. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto