Currently I'm using certreq to prepare CSRs for S/MIME certificates. I want to move away from it and start using OpenSSL for key/CSR generation.
My .inf file looks like this:
[Version]
Signature="$Windows NT$"
[NewRequest]
RequestType=PKCS10
Subject="CN=$name,O=$org,L=$loc,C=$cc,E=$email"
KeyLength=2048
MachineKeySet=FALSE
UseExistingKeySet=FALSE
Exportable=TRUE
ProviderName="Microsoft Enhanced Cryptographic Provider v1.0"
ProviderType=1
KeySpec=1
KeyUsage=0xe0
[Extensions]
2.5.29.17 = "{text}"
_continue_ = "email=$email&"
I'd like to prepare equivalent OpenSSL .cnf file (so it results in CSR as similar as possible), but I'm kind of lost in myriad config options. Can someone more experienced with OpenSSL help?
The CSR will be used to obtain commercial S/MIME certificate.