I need to build a CSR with x500UniqueIdentifier as subject, like this:

openssl req -noout -text -in csr.pem
Certificate Request:
Data:
Version: 0 (0x0)
Subject: x500UniqueIdentifier=karsten.reimers
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bc:b5:a8:c3:9f:62:1d:68:ba:74:dc:7f:48:c4:
d6:2b:52:88:23:53:6e:96:80:97:55:01:d3:b9:d5:
...
75:c1:fc:be:cd:45:11:73:41:b1:8c:a1:c4:d9:d0:
dd:a8:4c:e7:b2:2c:9d:bf:d3:93:8e:e8:cd:60:d9:
8e:eb
Exponent: 65537 (0x10001)
...

The x500UniqueIdentifier attribute has to be a BIT STRING (RFC 2256).
My request looks like:

openssl req -new -batch -sha256 -key private.key -subj "/x500UniqueIdentifier=karsten.reimers." -out csr.pem

I believe passing the UID with the '-subj' argument is the wrong way,
because it causes the attribute to be written as a UTF8String:

openssl asn1parse -in csr.pem -inform PEM
0:d=0 hl=4 l= 607 cons: SEQUENCE
4:d=1 hl=4 l= 327 cons: SEQUENCE
8:d=2 hl=2 l= 1 prim: INTEGER :00
11:d=2 hl=2 l= 26 cons: SEQUENCE
13:d=3 hl=2 l= 24 cons: SET
15:d=4 hl=2 l= 22 cons: SEQUENCE
17:d=5 hl=2 l= 3 prim: OBJECT :x500UniqueIdentifier
22:d=5 hl=2 l= 15 prim: UTF8STRING :karsten.reimers
39:d=2 hl=4 l= 290 cons: SEQUENCE
43:d=3 hl=2 l= 13 cons: SEQUENCE
45:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
56:d=4 hl=2 l= 0 prim: NULL
58:d=3 hl=4 l= 271 prim: BIT STRING
333:d=2 hl=2 l= 0 cons: cont [ 0 ]
335:d=1 hl=2 l= 13 cons: SEQUENCE
337:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
348:d=2 hl=2 l= 0 prim: NULL
350:d=1 hl=4 l= 257 prim: BIT STRING

So, can you tell me the right way?
Thanks
Karsten Reimers
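
The difference the post describes, at the DER level, as an added example that is not part of the original message and is not OpenSSL code: it rebuilds the subject Name from the asn1parse dump above with the value as UTF8String and as BIT STRING, then reports which type a Name carries. The helper names are hypothetical, and placing the ASCII bytes of the identifier in the BIT STRING with zero unused bits is an assumption.

```python
# Added example. All bytes are constructed from the values shown in the post.
OID_UNIQUE_ID = bytes.fromhex("55042d")  # 2.5.4.45, x500UniqueIdentifier
TAG_NAMES = {0x03: "BIT STRING", 0x0C: "UTF8STRING", 0x13: "PRINTABLESTRING"}

def read_tlv(buf, pos):
    # Decode one DER TLV at pos; returns (tag, value, next_pos).
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    # Yield (tag, value) for each TLV inside a constructed value.
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def tlv(tag, value):
    # Encode one DER TLV, using the long length form when needed.
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def build_name(value_tag, value):
    # Name ::= SEQUENCE { SET { SEQUENCE { OID, value } } } with one attribute.
    atv = tlv(0x30, tlv(0x06, OID_UNIQUE_ID) + tlv(value_tag, value))
    return tlv(0x30, tlv(0x31, atv))

def unique_id_types(name_der):
    # Return the ASN.1 type name of every x500UniqueIdentifier value in a Name.
    tag, rdns, _ = read_tlv(name_der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    found = []
    for _, rdn in children(rdns):          # each RDN is a SET
        for _, atv in children(rdn):       # each attribute is SEQUENCE { OID, value }
            (_, oid), (val_tag, _) = children(atv)
            if oid == OID_UNIQUE_ID:
                found.append(TAG_NAMES.get(val_tag, hex(val_tag)))
    return found

UID = b"karsten.reimers"
AS_POSTED = build_name(0x0C, UID)               # what the dump above shows
AS_BITSTRING = build_name(0x03, b"\x00" + UID)  # first octet = unused-bit count
```

The UTF8String form reproduces the lengths 26, 24, 22, 3 and 15 from the dump; the BIT STRING form is one octet longer because of the unused-bits octet.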