Skip to main content

Create OpenSSL configuration files

Create an OpenSSL configuration file (e.g. openssl.cfg) that contains:

  • All the required certificate fields set within the desired certificate profile.

  • The enrollment code for the seat ID you are enrolling for a cert via SCEP, defined as challengePassword.

This is an example showing all supported SCEP fields in Subject DN and SAN extension, and a test enrollment code (challengePassword):

SAN_FIELDS = IP:10.0.0.10, URI:http://www.digicert.com/, RID:1.2.3.4, DNS:first.digicert.com , DNS:second.digicert.com , email:noreply@digicert.com , email:noreply@mailinator.com

[ req ]

prompt = no

distinguished_name = req_distinguished_name

req_extensions = req_ext

attributes = req_attributes

[ req_distinguished_name ]

CN = device-seat-01

1.OU = Test OU 1

2.OU = Test OU 2

O = Test Org

L = Test Locality

ST = Test State

C = US

postalCode = 02860

serialNumber = sn0001

unstructuredName = Test Unstructured Name

unstructuredAddress = Test Unstructured Address

description = Test Description

[ req_ext ]

subjectAltName = $SAN_FIELDS

[ req_attributes ]

challengePassword = RLW60QNN7WJ7