Thanks everyone for the replies and the community support. I don't think I got
across what I am trying to do. I have experimented with subcommands req and
x509. The openssl x509 -in -x509toreq -signkey does *NOT*
do what I want (I'm pretty sure).
openssl x509 -x509toreq may sign a certificate
On 31 Jan 2020, at 01:25, Douglas Morris mailto:dougbmor...@yahoo.com>> wrote:
> Interesting. I think I misunderstood this explanation about the -signkey
> option: "This option causes the input file to be self signed using the
> supplied private key."
>
> Your input has me thinking that a
A CSR is self-signed to provide what's called "proof of possession" -- that
is, proof that the requester possesses the private key to the claimed
public key. It doesn't act as a CA in that case, because the CSR is not an
actual Certificate structure.
-Kyle H
On Thu, Jan 30, 2020, 18:26 Douglas
Thanks, Dw.
Interesting. I think I misunderstood this explanation about the -signkey
option: "This option causes the input file to be self signed using the supplied
private key."
Your input has me thinking that a certificate signing request is in fact
self-signed like a self-signed certificate
> On 30 Jan 2020, at 21:38, Douglas Morris via openssl-users
> wrote:
>
> I am trying to implement automated domain certificate renewal. A certificate
> signing request is sent to an ACME server and on success a certificate is
> returned. I'd like to be able to call OpenSSL to make a new
I am trying to implement automated domain certificate renewal. A certificate
signing request is sent to an ACME server and on success a certificate is
returned. I'd like to be able to call OpenSSL to make a new key and then make a
new certificate signing request just like the old one except for