
How to add custom field to certificate using openssl

Tags: ssl, openssl, x509

I'm trying to create certificates for internal use. I'm the CA and I would like to have an additional field in my client certificates so that when I generate a certificate for a client, it will hold some specific data in that field.

I read the following article and another article, and I understand that I can do that with the x509 v3 format by generating an OID for each field and then using it with the -extfile parameter when creating the public key. So I took the default /etc/ssl/openssl.cnf config file and uncommented one of the mentioned fields:

[ new_oids ]
testoid1 = 1.2.3.4

Then I generate all the certificates by the following:

openssl genrsa -aes256 -out ca-key.pem 4096
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem -config openssl.cnf 
openssl genrsa -out key.pem 4096
openssl req -subj '/CN=client' -new -key key.pem -out client.csr
openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem  -CAcreateserial -out cert.pem -extfile extfile.cnf

Where extfile.cnf content is:

1.2.3.4 = Something

I get:

Error Loading extension section default
140218200073872:error:22097082:X509 V3 routines:DO_EXT_NCONF:unknown extension name:v3_conf.c:125:
140218200073872:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=1.2.3.4, value=Something
unable to write 'random state'

Documentation on this topic is lacking. Can someone walk me through it and explain how it can be done?

buddy123 asked Mar 15 '16 09:03


1 Answer

In order to add a custom field, first create a config file:

[req]
req_extensions = v3_req

[v3_req]
1.2.3.4.5.6.7.8=ASN1:UTF8String:Something

Then, create the CSR:

openssl req [params] -out mycsr.csr -config myconfig.cnf

Then, create the certificate:

openssl x509 -req -sha256 -in mycsr.csr [params] -out mycert.pem -extfile myconfig.cnf -extensions v3_req

buddy123 answered Sep 19 '22 20:09
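
An end-to-end check of the procedure in the answer, as an added example that is not part of the original post. It builds a throwaway CA and shows that the untyped value from the question is rejected, that `openssl x509 -req` without `-extfile` does not by default carry the CSR's requested extension into the certificate, and that the `ASN1:UTF8String:` form ends up in the certificate. File names, subjects, key sizes, the unencrypted CA key and the `[dn]` section are assumptions made for the demo.

```sh
#!/bin/sh
# Added example. File names, subjects, 2048-bit keys and the unencrypted CA key
# are assumptions that keep the demo fast and non-interactive.
OID=1.2.3.4.5.6.7.8   # arbitrary OID used in the answer

# Create the config files, a throwaway CA and a client CSR in the current dir.
setup_pki() {
  # [dn] is an addition so `req` also runs on builds that insist on one.
  printf '%s\n' '[req]' 'req_extensions = v3_req' 'distinguished_name = dn' \
    '[dn]' 'CN = unused' '[v3_req]' "$OID=ASN1:UTF8String:Something" > myconfig.cnf
  printf '%s\n' "$OID = Something" > bare.cnf   # untyped value, as in the question
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=demo-ca' \
    -config myconfig.cnf -keyout ca-key.pem -out ca.pem 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -subj '/CN=client' \
    -config myconfig.cnf -keyout key.pem -out mycsr.csr 2>/dev/null
}

# True when the CSR requests the custom extension.
csr_has_oid() {
  openssl req -in mycsr.csr -noout -text | grep -q "$OID"
}

# Sign mycsr.csr with the demo CA; extra `openssl x509` options pass through.
sign_csr() {
  rm -f cert.pem
  openssl x509 -req -sha256 -days 1 -in mycsr.csr -CA ca.pem -CAkey ca-key.pem \
    -CAcreateserial -out cert.pem "$@" 2>/dev/null
}

# True when cert.pem carries the custom OID.
cert_has_oid() {
  openssl x509 -in cert.pem -noout -text | grep -q "$OID"
}

# Demo in a scratch directory (subshell, so the caller's cwd is untouched).
(
  cd "$(mktemp -d)" && setup_pki || exit 1
  csr_has_oid && echo "CSR requests $OID"
  sign_csr && ! cert_has_oid && echo "no -extfile: extension not in cert.pem"
  sign_csr -extfile bare.cnf || echo "untyped value rejected by openssl"
  sign_csr -extfile myconfig.cnf -extensions v3_req && cert_has_oid &&
    echo "typed value present in cert.pem"
)
```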