
I would like to know if it is possible to insert a friendly name in a generated certificate, or in a p7 file. I found that it is possible with a p12 file with the -name option, but it seems to be impossible with a certificate or a p7...

For information, here are my two commands. My goal is to use a Java program to extract a certificate in the p7 file, using the friendly name to identify it.

openssl x509 -req -days 365 -in final.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out signedfinal.crt -extensions x509v3
openssl crl2pkcs7 -certfile ca.crt -certfile signedfinal.crt -out file.p7 -nocrl
agentn
  • Certs in PKCS7/CMS SignedData (often called p7b or p7c when used for certs/CRLs only) do not have any external attribute(s) including friendly name, and are an ASN.1 SET which does not preserve order. And a plain cert has nothing external at all. If you are generating the cert(s) you can put any identifying value(s) you want _inside_ the cert Subject and/or an extension, but that will be permanently in the cert and visible to all programs and people that subsequently use it. – dave_thompson_085 Jan 07 '18 at 03:30
  • OK, so if I understood well, adding a friendly name in p7 is not implemented by default? If I need one, I have to add it manually, but how should I do it? My certs are in b64 format ... – agentn Feb 07 '18 at 09:32
  • As I said, there is no friendlyname in p7b/p7c format. Not by default, not manually, not magically, not by any means at all ever. If you want some additional name inside the cert, which will be present in all copies and all formats, you have to put it in when the cert is generated, or if the cert is generated from a CSR as usual you may be able to put it in the CSR _before_ the cert is generated. – dave_thompson_085 Feb 07 '18 at 22:52
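
Since a p7 bundle carries no friendly name and does not preserve order, a Java program has to pick a certificate by something inside it. The following is an added example, not code from the question or the comments: it loads a bundle such as file.p7 and selects by subject DN, with a SHA-256 fingerprint for cases where the subject is not unique. The class name `P7CertPicker` and the DN passed as the second argument are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.x500.X500Principal;

public class P7CertPicker {
    // Reads every certificate from a certs-only PKCS#7 bundle (PEM or DER).
    static List<X509Certificate> load(String path) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certs = new ArrayList<>();
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            for (Certificate c : cf.generateCertificates(in)) {
                certs.add((X509Certificate) c);
            }
        }
        return certs;
    }

    // Selects by subject DN; the position in the list is not meaningful.
    static X509Certificate bySubject(List<X509Certificate> certs, String dn) {
        X500Principal wanted = new X500Principal(dn);
        for (X509Certificate c : certs) {
            if (c.getSubjectX500Principal().equals(wanted)) return c;
        }
        return null; // no certificate with that subject in the bundle
    }

    // SHA-256 over the DER encoding: a stable identifier when subjects collide.
    static String sha256(X509Certificate c) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(c.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // args[0]: bundle path, e.g. file.p7; args[1]: subject DN (assumed value)
        X509Certificate hit = bySubject(load(args[0]), args[1]);
        if (hit == null) throw new IllegalStateException("no certificate with subject " + args[1]);
        System.out.println(hit.getSubjectX500Principal().getName() + " sha256=" + sha256(hit));
    }
}
```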
