On Mon, May 20, 2013 at 05:58:43PM +0200, Per Edlund wrote:
> Is there a way with openssl to create a key/csr with SN attribute?
[dn_req]
surname = Smith
Likewise with the "-subj" option use:
-subj "/surname=Smith".
or
-subj "/SN=Smith".
> As I can see, only CN, O, OU etc are available. If not with
> openssl, does anyone know another tool to create this with?
Reading the man page is a start:
man 1 req
...
DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT
...
The actual permitted field names are any object identifier short or
long names. These are compiled into OpenSSL and include the usual
values such as commonName, countryName, localityName, organizationName,
organizationUnitName, stateOrProvinceName. Additionally emailAddress is
include as well as name, surname, givenName initials and dnQualifier.
Additional object identifiers can be defined with the oid_file or
oid_section options in the configuration file. Any additional fields
will be treated as though they were a DirectoryString.
$ openssl x509 -in cert.pem -subject
subject= /SN=Dukhovni
-----BEGIN CERTIFICATE-----
MIIBnjCCAUWgAwIBAgIBATAKBggqhkjOPQQDAjATMREwDwYDVQQEEwhEdWtob3Zu
aTAeFw0xMzA1MjAxNjExNDZaFw0xMzA2MTkxNjExNDZaMBMxETAPBgNVBAQTCER1
a2hvdm5pMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPftMa443p6qKRnMYv2VY
Tj1B/B5d3L4o749Ta80D4FrlQnsY9IVCqxF88I9Z4MmdboWX9Q6KhhxNTvRG+3+3
+6OBiTCBhjAJBgNVHRMEAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
AjAdBgNVHQ4EFgQU966IxQjUmZhxj89v17bW5S5/3dAwHwYDVR0jBBgwFoAU966I
xQjUmZhxj89v17bW5S5/3dAwGgYDVR0RBBMwEYIPZm9vLmV4YW1wbGUuY29tMAoG
CCqGSM49BAMCA0cAMEQCIF9dsh6UP4w7xUp3iXk6T0maDRmQ5lIoLAD6hsf3qZx2
AiA/WVhlsDdtaoMymhwe6R+UR3UlRICw3lAXS49ErJDyCA==
-----END CERTIFICATE-----
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
