How to generate with OpenSSL a key pair + CSR with a custom field name and value?


I need to generate a certificate request with a specific field "Email". I've created a configuration file to generate my request, but I can't find a way to have this "non-standard" field in my CSR.

Here is my command line:

 openssl req -new -newkey rsa:2048 -noenc -pubkey -config config_file.cnf -keyout my_key.key -out my_csr.csr

My config file content:

 [ req ]
 default_bits           = 2048
 prompt                 = no
 distinguished_name     = req_distinguished_name

 [ req_distinguished_name ]
 CN=XXXXXXX
 OU=XXXXXXX
 O=XXXXXXX
 L=XXXXXXX
 ST=XXXXXXX
 C=XXXXXXX
 subjectKeyIdentifier=hash
 subjectAltName=XXXXXXX
 keyUsage=digitalSignature
 extendedKeyUsage=clientAuth
 [email protected]

With this configuration, I get the following error:

x509 certificate routines:X509_NAME_ENTRY_create_by_txt:invalid field name:../crypto/x509/x509name.c:249:name=Email

I know that there is an "emailAddress" field but it's not what I am asked.

I've tried to set the field in a "req_extensions", but without success.

I've also tried using OIDs (though I'm not sure if that's the right thing to do), but when I look at the content of the CSR file (with openssl req -text -in my_csr.csr), I see the numbers associated with the OID and not the field name.

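Added example, not part of the original question and not OpenSSL project code: one way to give a subject field a custom name is to register it through `oid_section` in the request config. The OID `2.999.1` (taken from the example arc), the subject values and the function names are assumptions. A CSR stores only the OID, never the name, so a viewer prints "Email" only when it loads the same mapping.

```shell
#!/bin/sh
# Added example. Assumptions: the OID 2.999.1 (example arc), the subject
# values and the function names are illustrative, not from the question.

# Write a config that registers the short name "Email", then create key + CSR.
make_csr() {
    dir=$1
    cat > "$dir/config_file.cnf" <<'EOF'
# oid_section must sit in the default (unnamed) section, before any [header].
oid_section = new_oids

[ new_oids ]
# short name = OID
Email = 2.999.1

[ req ]
prompt             = no
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
CN    = example-client
O     = Example Org
Email = user@example.com
EOF
    # -nodes is the older spelling of -noenc; OpenSSL 3.x accepts both.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/config_file.cnf" \
        -keyout "$dir/my_key.key" -out "$dir/my_csr.csr" 2>/dev/null
}

# Subject as printed when the viewer loads the same OID mapping.
subject_with_names() {
    openssl req -noout -subject -config "$1/config_file.cnf" -in "$1/my_csr.csr"
}

# Subject as printed by a viewer that has no mapping for the OID.
subject_without_names() {
    openssl req -noout -subject -in "$1/my_csr.csr"
}

workdir=$(mktemp -d)
make_csr "$workdir"
subject_with_names "$workdir"      # custom field shown by its name
subject_without_names "$workdir"   # same field shown as a dotted OID
rm -rf "$workdir"
```

Whoever signs or inspects the request needs the same `new_oids` mapping in their own config to see the name instead of the number.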