I have now covered multiple tutorials on working with openssl certificates. But there is one area where I get a lot of questions: certificates that don't work due to incorrect entries in the Certificate Signing Request (CSR). So I have decided to create a dedicated tutorial to explain why the CSR is important, and things to consider when writing a CSR.

Problems which you can face with an incorrect CSR

Writing a CSR is the most crucial part of generating a certificate.

- RootCA may fail to sign the certificate.
- Your MTLS authentication will not work, failing with a TCP handshake error.
- You will end up creating multiple certificates for each host if you are not familiar with SAN.
- Your X.509 extensions will not be properly added.

Important points to consider when creating a CSR

- The openssl command will by default consider /etc/pki/tls/openssl.cnf as the configuration file unless you specify your own configuration file using -config.
- The req_distinguished_name field is used to get the details which will be asked while generating the CSR. You can alter this section inside the openssl.cnf to add default values and to modify conditions such as the min and max allowed characters.
- There are different policy sections available in the openssl.cnf. The policy_anything section is normally used for self-signed certificates, where all the fields except commonName are optional. The policy_match section is used to generate RootCA certificates.
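The points above about -config, req_distinguished_name, SAN and X.509 extensions can be checked end to end with the script below. It is an added example, not code from the original tutorial; the host names, the IP address, the file names and the section names v3_req and alt_names are constructed for illustration.

```shell
#!/bin/sh
# Added example: build a CSR with SANs from a custom config, then inspect it.
set -eu

# write_csr_config FILE: minimal request config. "prompt = no" makes openssl
# take the subject from req_distinguished_name instead of asking interactively.
write_csr_config() {
    cat > "$1" <<'EOF'
[ req ]
default_md         = sha256
prompt             = no
distinguished_name = req_distinguished_name
req_extensions     = v3_req

[ req_distinguished_name ]
C  = US
O  = Example Org
CN = server.example.test

[ v3_req ]
keyUsage         = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName   = @alt_names

[ alt_names ]
DNS.1 = server.example.test
DNS.2 = server-2.example.test
IP.1  = 192.0.2.10
EOF
}

# make_csr DIR: create a key and CSR using only the config above (-config),
# so the default openssl.cnf is not consulted.
make_csr() {
    write_csr_config "$1/csr.cnf"
    openssl req -new -newkey rsa:2048 -nodes -config "$1/csr.cnf" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
}

# csr_sans CSR: print the SAN entries actually present in the request.
csr_sans() {
    openssl req -in "$1" -noout -text | grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' '
}

tmp=$(mktemp -d)
make_csr "$tmp"
echo "SANs in CSR: $(csr_sans "$tmp/server.csr")"
rm -rf "$tmp"
```

An empty result from csr_sans means the request carries no SAN extension, which is the case to catch before the CSR is sent for signing.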