Hello, Michael Tokarev <m...@tls.msk.ru> writes:
> Is there a way in certtool to override certain fields in a certificate > request when issuing a certificate, such as subject/dn, for example like > this can be done with openssl: > > openssl ca -infiles user.crs -out user.crt -subj "/CN=foo/C=BAR/O=baz" > > ? > > I tried to list dn in the template file, but apparently it is being > ignored when processing a crq and doing --generate-certificate. Just to confirm: is my understanding correct that you are trying to override DN of an existing certificate request something like the following, right? certtool --generate-certificate --load-request user.crs \ --load-ca-privkey=... --load-ca-certificate=... \ --template=overriding-dn.tmpl As far as I read the certtool code, this doesn't seem to be supported: values from the template are only respected when no certificate requests are given: https://gitlab.com/gnutls/gnutls/-/blob/5005e0825a0dba81ed94bc262e11cc67b1d50beb/src/certtool.c#L365 If there is a specific use-case for this feature, feel free to file a ticket at the issue tracker: https://gitlab.com/gnutls/gnutls/-/issues Regards, -- Daiki Ueno _______________________________________________ Gnutls-help mailing list Gnutls-help@lists.gnutls.org http://lists.gnupg.org/mailman/listinfo/gnutls-help