This is an automated archive.
The original was posted on /r/openssl by /u/Troubleshooter5000 on 2023-06-01 18:29:36+00:00.
My org has been using certreq with an inf file to generate CSRs. I want to make this process work with OpenSSL instead. I though I remember seeing something about using a CFG file or CONF file or something. How can I make this inf file work with OpenSSL?
Edit for posterity:
I was able to resolve my issue without having to translate this INF file into an OpenSSL format. But as u/NL_Gray-Fox said, it probably wouldn’t take much time. See my post here for my solution.
[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "C=US, ST=XX, L=My City, OU=My OU, O=My Org, CN=EXAMPLE-CERT.replace.myorg.com"
Exportable = TRUE
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = True
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
SMIME = FALSE
RequestType = CMC
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
RequestType = PKCS10
HashAlgorithm = SHA256
; At least certreq.exe shipping with Windows Vista/Server 2008 is required to interpret the [Strings] and [Extensions] sections below
[Strings]
szOID_SUBJECT_ALT_NAME2 = "2.5.29.17"
szOID_ENHANCED_KEY_USAGE = "2.5.29.37"
szOID_PKIX_KP_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"
szOID_PKIX_KP_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"
[Extensions]
%szOID_SUBJECT_ALT_NAME2% = "{text}dns=myservername1.myorg.com&dns=myservername2.myorg.com"
%szOID_ENHANCED_KEY_USAGE% = "{text}%szOID_PKIX_KP_SERVER_AUTH%,%szOID_PKIX_KP_CLIENT_AUTH%"
[RequestAttributes]
CertificateTemplate= WebServer
You must log in or # to comment.