
How to change only the subject (CN) in an existing CSR

I have a CSR (Certificate Signing Request).

I have to just change the CN in that CSR, leaving the other fields intact. It is like updating the existing CSR.

This should be done automatically. Is there any method to do this in C/C++/OpenSSL?

Swapnil More asked Jan 04 '16 15:01


2 Answers

You cannot change anything in the request file, because it is a digitally signed message. If you change even one bit there, you invalidate the signature. The CA server will reject it.

What you can do:

  1. generate a new CSR
  2. instruct the CA to ignore the subject field and specify another one during certificate issuance (this procedure depends on the CA software).

Crypt32 answered Oct 24 '22 12:10
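Option 1 above ("generate a new CSR"), as an added example that is not part of either answer: it copies the old request's subject, swaps only the CN, signs a fresh CSR with the same private key, and checks the self-signature, which is what a CA validates. The helper names `csr_sig_ok` and `reissue_csr` are hypothetical, and the sketch assumes you hold the private key; attributes and requested extensions of the old CSR are not carried over.

```shell
#!/bin/sh
# Added example, not from the answers on this page.
# csr_sig_ok and reissue_csr are hypothetical helper names.

# Succeeds only if the CSR's self-signature matches its embedded public key.
# The message is grepped because some OpenSSL releases exit 0 on failure.
csr_sig_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# reissue_csr KEY OLD_CSR NEW_CN OUT_CSR
# Assumes NEW_CN is a plain hostname and no DN value contains '/'.
reissue_csr() {
    key=$1 old=$2 new_cn=$3 out=$4
    csr_sig_ok "$old" || { echo "old CSR signature invalid" >&2; return 1; }
    # -nameopt compat prints the one-line form: subject=/C=../CN=..
    subj=$(openssl req -in "$old" -noout -subject -nameopt compat |
           sed -e 's/^subject= *//' -e "s|/CN=[^/]*|/CN=$new_cn|")
    case $subj in
        */CN="$new_cn"*) ;;
        *) echo "no CN found in subject" >&2; return 1 ;;
    esac
    # A new request means a new signature, so the private key is required.
    openssl req -new -key "$key" -subj "$subj" -out "$out" || return 1
    # Refuse to continue if KEY is not the key behind the old CSR.
    [ "$(openssl req -in "$old" -noout -pubkey)" = \
      "$(openssl req -in "$out" -noout -pubkey)" ] ||
        { echo "key does not match old CSR" >&2; return 1; }
    csr_sig_ok "$out"
}

# Usage: reissue_csr server.key old.csr newsubdomain.example.com new.csr
```

Running `csr_sig_ok` on any CSR before submitting it shows whether the CA will accept its signature.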


TL;DR:

Try this:

openssl req -in /your/csr/file.csr -out /your/csr/newfile.csr -subj "/C=ID/ST=REDACTED/L=REDACTED/O=REDACTED/OU=REDACTED/CN=newsubdomain.example.com"

More descriptive way:

If you describe the CSR with the openssl command openssl req -in /your/csr/file.csr -noout -text, you will see there are some sections in it:

Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=ID, ST=REDACTED, L=REDACTED, O=REDACTED, OU=REDACTED, CN=subdomain.example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:aa:bb:cc:dd:ee:ff:aa:bb:cc:dd:ee:ff:00:11:

To get the current Subject part of your CSR, you can run this command: openssl req -in /your/csr/file.csr -noout -subject, and you will get this:

subject=/C=ID/ST=REDACTED/L=REDACTED/O=REDACTED/OU=REDACTED/CN=subdomain.example.com

You can change it to match your need by running this command:

openssl req -in /your/csr/file.csr -out /your/csr/newfile.csr -subj "/C=ID/ST=REDACTED/L=REDACTED/O=REDACTED/OU=REDACTED/CN=newsubdomain.example.com"

Then voilà! You have a new CSR with the same public key (the Subject Public Key Info section) and an updated Subject part. You can always inspect your CSR again with the same command as above, but remember to specify the correct file (i.e. /your/csr/newfile.csr).

kxu answered Oct 24 '22 13:10