On Mon, May 20, 2013 at 05:58:43PM +0200, Per Edlund wrote: > Is there a way with openssl to create a key/csr with SN attribute?
[dn_req] surname = Smith Likewise with the "-subj" option use: -subj "/surname=Smith". or -subj "/SN=Smith". > As I can see, only CN, O, OU etc are available. If not with > openssl, does anyone know another tool to create this with? Reading the man page is a start: man 1 req ... DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT ... The actual permitted field names are any object identifier short or long names. These are compiled into OpenSSL and include the usual values such as commonName, countryName, localityName, organizationName, organizationUnitName, stateOrProvinceName. Additionally emailAddress is include as well as name, surname, givenName initials and dnQualifier. Additional object identifiers can be defined with the oid_file or oid_section options in the configuration file. Any additional fields will be treated as though they were a DirectoryString. $ openssl x509 -in cert.pem -subject subject= /SN=Dukhovni -----BEGIN CERTIFICATE----- MIIBnjCCAUWgAwIBAgIBATAKBggqhkjOPQQDAjATMREwDwYDVQQEEwhEdWtob3Zu aTAeFw0xMzA1MjAxNjExNDZaFw0xMzA2MTkxNjExNDZaMBMxETAPBgNVBAQTCER1 a2hvdm5pMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPftMa443p6qKRnMYv2VY Tj1B/B5d3L4o749Ta80D4FrlQnsY9IVCqxF88I9Z4MmdboWX9Q6KhhxNTvRG+3+3 +6OBiTCBhjAJBgNVHRMEAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD AjAdBgNVHQ4EFgQU966IxQjUmZhxj89v17bW5S5/3dAwHwYDVR0jBBgwFoAU966I xQjUmZhxj89v17bW5S5/3dAwGgYDVR0RBBMwEYIPZm9vLmV4YW1wbGUuY29tMAoG CCqGSM49BAMCA0cAMEQCIF9dsh6UP4w7xUp3iXk6T0maDRmQ5lIoLAD6hsf3qZx2 AiA/WVhlsDdtaoMymhwe6R+UR3UlRICw3lAXS49ErJDyCA== -----END CERTIFICATE----- -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org