PSPKI
PSPKI copied to clipboard
Adding SAN to CSR?
Hi - I'm Is there an equivalent in PSPKI of the following, which amends a CSR and authorises it, so that the new CSR can be submitted later?
certreq -policy -config CAserver/CAInstance PathToCSR.csr InfFilewithSANsettings.inf PathToNewCSRFile.csr
Where the Inf file is formatted as:
[Extensions]
2.5.29.17 = {"text"}
_continue_ = {dns="san1.fqdn"&"}
etc
Loving your module, many thanks
There is no built-in functionality to create certificate requests. You may need to use certreq with INF template.
Yeh, was looking for a way to script it without certreq dependency.
We automatically issue certs when requested, else I could amend the cert before issue, which is why I want to amend the CSR.
Thanks
Yeh, was looking for a way to script it without certreq dependency.
We automatically issue certs when requested, else I could amend the cert before issue, which is why I want to amend the CSR.
Thanks
you cannot amend request, because it is digitally signed. By editing CSR you break signature. You can edit extensions on CA when request is placed in pending requests folder. You can use Set-CertificateExtension command for this scenario.
Yeh, was looking for a way to script it without certreq dependency. We automatically issue certs when requested, else I could amend the cert before issue, which is why I want to amend the CSR. Thanks
you cannot amend request, because it is digitally signed. By editing CSR you break signature. You can edit extensions on CA when request is placed in pending requests folder. You can use Set-CertificateExtension command for this scenario.
You can the amend request - with certreq command as I specified above, the command returns a new CSR which you can then submit. - I do it regularly, try it yourself.
I'm assuming that the CA is effectively appending the requirement to the CSR file, which it recognises and actions when you submit it.