0

I have created a key, a PEM file and an exported certificate with the following commands:

```
openssl genrsa -out Kumar.key 2048
openssl req -x509 -new -nodes -key Kumar.key -sha256 -days 1024 -out Kumar.pem
openssl pkcs12 -export -name Kumar -in Kumar.pem -inkey Kumar.key -out Kumar.p12
```

When I installed the certificate in the machine's personal store, it shows

Issued to Kumar and Issued by Kumar

I want to change the Issued by value to localhost.

Should I change the command, or use another command, to update the value of Issued by?

Thanks in advance.

jww
Kumar
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) or [Information Security Stack Exchange](http://security.stackexchange.com/) would be a better place to ask. – jww Mar 10 '17 at 00:19
  • @jww This is related to development. This is not about OS-related questions or anything like that. When enabling SSL for my web application, I am facing this issue. – Kumar Mar 10 '17 at 04:51
  • A good sniff test is, Can you show the code. In this case, the answer is probably No. There are better sites to help you with PKI, Issuers, Subjects, OpenSSL commands and how to use an OpenSSL CONF file. I eat my own dog food. When I have a command question, I go to [Super User](http://superuser.com/) or [Unix & Linux Stack Exchange](http://unix.stackexchange.com/). I don't ask them here. – jww Mar 10 '17 at 14:47
  • Your OpenSSL command is probably wrong. You are creating a self signed certificate, not a signing request. See [How do you sign Certificate Signing Request with your Certification Authority](http://stackoverflow.com/a/21340898/608639) and [How to create a self-signed certificate with openssl?](http://stackoverflow.com/q/10175812/608639). – jww Mar 10 '17 at 14:52
  • Thank you for making it clear. – Kumar Mar 11 '17 at 15:34

1 Answer

-2

To change Issued by to 'localhost', you will need to change this line

```
openssl req -x509 -new -nodes -key Kumar.key -sha256 -days 1024 -out Kumar.pem
```

to this command

```
openssl req -x509 -new -nodes -key Kumar.key -sha256 -days 1024 -out Kumar.pem -outform PEM -subj /CN=localhost
```

However, this command "openssl req" will create the root certificate; hence, the Issued By value will always be the same as the Issued To value.

You need to generate a self-signed certificate from this CA certificate in order to have Issued by = localhost and Issued to = Kumar. See this article on how to create a self-signed certificate, especially the section "Create a Certificate".

```
openssl ca -config intermediate/openssl.cnf \
      -extensions server_cert -days 375 -notext -md sha256 \
      -in intermediate/csr/www.example.com.csr.pem \
      -out intermediate/certs/www.example.com.cert.pem
```

However, keep in mind that it doesn't make sense to have a CA name of 'localhost', as it doesn't define a specific entity but is rather generic.

Frederic
  • No, it's not working. Both values are the same when using your suggestion. – Kumar Mar 10 '17 at 05:13
  • As I mention in my answer above, the values will always be the same as you are generating a CA certificate. Can you display the content of your OpenSSL.cnf file? – Frederic Mar 10 '17 at 17:36
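
The CA-then-sign flow that the comments and the answer point to, as an added example that is not part of the original posts or the linked article: a self-signed CA with CN=localhost signs a request for CN=Kumar, so the resulting certificate has a different Issued by and Issued to. The file names, the inline `openssl.cnf`, the `subjectAltName` value and the helper functions `make_chain` and `cert_name` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a local CA named "localhost" signs a certificate for "Kumar".
# File names, the inline config and both helper functions are illustrative.

make_chain() {
    dir=$1
    # -subj supplies the names; [dn] exists only because "req" requires it.
    cat > "$dir/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
subjectAltName = DNS:localhost
EOF
    # 1. Self-signed CA: issuer and subject are both CN=localhost.
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null || return 1
    openssl req -x509 -new -key "$dir/ca.key" -sha256 -days 1024 \
        -subj /CN=localhost -config "$dir/openssl.cnf" -extensions ca_ext \
        -out "$dir/ca.pem" || return 1
    # 2. Key plus signing request (note: no -x509) for CN=Kumar.
    openssl genrsa -out "$dir/Kumar.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$dir/Kumar.key" -sha256 -subj /CN=Kumar \
        -config "$dir/openssl.cnf" -out "$dir/Kumar.csr" || return 1
    # 3. The CA signs the request; the issuer name is taken from ca.pem.
    openssl x509 -req -in "$dir/Kumar.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -sha256 -days 375 \
        -extfile "$dir/openssl.cnf" -extensions leaf_ext \
        -out "$dir/Kumar.pem" 2>/dev/null || return 1
}

# cert_name FILE issuer|subject  -> prints e.g. "CN=localhost"
cert_name() {
    openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed "s/^$2= *//"
}

# Demo run in a scratch directory.
work=$(mktemp -d)
make_chain "$work" || exit 1
echo "Issued to: $(cert_name "$work/Kumar.pem" subject)"
echo "Issued by: $(cert_name "$work/Kumar.pem" issuer)"
openssl verify -CAfile "$work/ca.pem" "$work/Kumar.pem"
rm -rf "$work"
```

The signed `Kumar.pem` and `Kumar.key` can then be bundled with the question's `openssl pkcs12 -export` command; the machine validates the chain only if `ca.pem` is also installed as a trusted root.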