From bfa470a4f64313651a35571883e235d3335054eb Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 27 Dec 2017 18:29:36 +0100 Subject: Add 'openssl req' option to specify extension values on command line The idea is to be able to add extension value lines directly on the command line instead of through the config file, for example: openssl req -new -extension 'subjectAltName = DNS:dom.ain, DNS:oth.er' \ -extension 'certificatePolicies = 1.2.3.4' Fixes #3311 Thank you Jacob Hoffman-Andrews for the inspiration Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/4986) --- doc/man1/req.pod | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'doc') diff --git a/doc/man1/req.pod b/doc/man1/req.pod index 5ed90ada74..db467bba17 100644 --- a/doc/man1/req.pod +++ b/doc/man1/req.pod @@ -37,6 +37,7 @@ B B [B<-days n>] [B<-set_serial n>] [B<-newhdr>] +[B<-addext ext>] [B<-extensions section>] [B<-reqexts section>] [B<-precert>] @@ -255,6 +256,14 @@ be a positive integer. The default is 30 days. Serial number to use when outputting a self signed certificate. This may be specified as a decimal value or a hex value if preceded by B<0x>. +=item B<-addext ext> + +Add a specific extension to the certificate (if the B<-x509> option is +present) or certificate request. The argument must have the form of +a key=value pair as it would appear in a config file. + +This option can be given multiple times. + =item B<-extensions section> =item B<-reqexts section> @@ -591,6 +600,14 @@ Sample configuration containing all field values: [ req_attributes ] challengePassword = A challenge password +Example of giving the most common attributes (subject and extensions) +on the command line: + + openssl req -new -subj "/C=GB/CN=foo" \ + -addext "subjectAltName = DNS:foo.co.uk" \ + -addext "certificatePolicies = 1.2.3.4" \ + -newkey rsa:2048 -keyout key.pem -out req.pem + =head1 NOTES -- cgit v1.2.3