On 5/15/2013 1:48 PM, Cristian Thiago Moecke wrote:
Yes, good point. You need the private key also, but if the idea is just
to use the certificate as a template to generate a new request for a key
that you do own (I think the most common case when you want a new
requisition with the same data), it is possible.

openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key



Nice feature!

Is there a similar option/command to create a CSR with a new keypair
but the same properties (except dates, hashes etc.)?  This would be
handy for certificate renewals.

In other words something equivalent to

openssl x509 -noout -text -in in_certificate.crt > in_certificate.txt

editor in_certificate.txt tmp_openssl.cnf

# Painstakingly convert each aspect of in_certificate.txt into
# configuration lines that cause requests to specify those same
# properties (attributes, DN fields, usage etc.)

openssl req -config tmp_openssl.cnf -newkey type:length -keyout new_certificate.key -out new_certificate.csr

# Now send new_certificate.csr and some money to your preferred CA
# and get back new_certificate.crt, which is just like
# in_certificate.crt, except with a new key and a new validity
# period.


On Wed, May 15, 2013 at 7:27 AM, Daniel Black
<[email protected]> wrote:

    On 15/05/13 18:37, Felipe Gasper wrote:
     > If I have an SSL certificate, it is possible to create a CSR with that
     > certificate’s subject and public key?

    A certificate request is signed by the private key so no, it's not
    possible.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [email protected]
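
The renewal workflow asked about above (new key pair, same subject and names), as an added example that is not part of the original thread or of OpenSSL itself. The function names and file arguments are hypothetical; it assumes an ASCII subject DN with no "/" inside field values and copies only the subject and subjectAltName.

```shell
#!/bin/sh
# Added example, not from the thread. Paths passed in are the caller's;
# the approach assumes an ASCII subject DN with no "/" inside field values.

# Subject in the one-line "/C=../O=../CN=.." form that `openssl req -subj` takes.
cert_subject() {
    openssl x509 -noout -subject -nameopt compat -in "$1" | sed 's/^subject= *//'
}

# subjectAltName value in config-file syntax; prints nothing if the cert has none.
cert_san() {
    openssl x509 -noout -text -in "$1" |
        awk '/X509v3 Subject Alternative Name/ { getline; gsub(/^ +| +$/, ""); print; exit }' |
        sed 's/IP Address:/IP:/g'
}

# renew_csr CERT NEWKEY NEWCSR
# Generates a fresh RSA-2048 key pair and a CSR carrying CERT's subject and SANs.
# Other extensions (key usage, EKU, ...) are not copied into the request.
renew_csr() {
    cert=$1 key=$2 csr=$3
    subj=$(cert_subject "$cert")
    [ -n "$subj" ] || { echo "no subject in $cert" >&2; return 1; }
    san=$(cert_san "$cert")
    cnf=$(mktemp) || return 1
    {
        printf '[req]\ndistinguished_name = dn\n'
        if [ -n "$san" ]; then
            printf 'req_extensions = ext\n[ext]\nsubjectAltName = %s\n' "$san"
        fi
        printf '[dn]\n'
    } > "$cnf"
    rc=0
    # umask keeps the new private key unreadable to other users.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$cnf" \
          -subj "$subj" -keyout "$key" -out "$csr" ) || rc=$?
    rm -f "$cnf"
    return "$rc"
}
```

Before sending the request to a CA, `openssl req -noout -text -verify -in new_certificate.csr` shows what it asks for and checks that it is signed by the new key.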