diff options
author | Richard Levitte <levitte@openssl.org> | 2017-12-27 18:29:36 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2017-12-28 16:07:58 +0100 |
commit | bfa470a4f64313651a35571883e235d3335054eb (patch) | |
tree | b6675484f7b90f396b23c34b5449e86ce8d58c4d /doc | |
parent | 8175af50cc208c09f92b30358d30dd86c798b60e (diff) |
Add 'openssl req' option to specify extension values on command line
The idea is to be able to add extension value lines directly on the
command line instead of through the config file, for example:
openssl req -new -extension 'subjectAltName = DNS:dom.ain, DNS:oth.er' \
-extension 'certificatePolicies = 1.2.3.4'
Fixes #3311
Thank you Jacob Hoffman-Andrews for the inspiration
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4986)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man1/req.pod | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/doc/man1/req.pod b/doc/man1/req.pod index 5ed90ada74..db467bba17 100644 --- a/doc/man1/req.pod +++ b/doc/man1/req.pod @@ -37,6 +37,7 @@ B<openssl> B<req> [B<-days n>] [B<-set_serial n>] [B<-newhdr>] +[B<-addext ext>] [B<-extensions section>] [B<-reqexts section>] [B<-precert>] @@ -255,6 +256,14 @@ be a positive integer. The default is 30 days. Serial number to use when outputting a self signed certificate. This may be specified as a decimal value or a hex value if preceded by B<0x>. +=item B<-addext ext> + +Add a specific extension to the certificate (if the B<-x509> option is +present) or certificate request. The argument must have the form of +a key=value pair as it would appear in a config file. + +This option can be given multiple times. + =item B<-extensions section> =item B<-reqexts section> @@ -591,6 +600,14 @@ Sample configuration containing all field values: [ req_attributes ] challengePassword = A challenge password +Example of giving the most common attributes (subject and extensions) +on the command line: + + openssl req -new -subj "/C=GB/CN=foo" \ + -addext "subjectAltName = DNS:foo.co.uk" \ + -addext "certificatePolicies = 1.2.3.4" \ + -newkey rsa:2048 -keyout key.pem -out req.pem + =head1 NOTES |