On Fri, Jul 10, 2020 at 05:46:44PM +0530, Varun Rapelly wrote:
> I would like to create a self signed certificate with X509 version 2.
Why exactly "version 2"? Are you perchance confused by the wire
encoding of X509 versions?
X.509 version 1 <-> 0 in certificate version field /* original specification */
X.509 version 2 <-> 1 in certificate version field /* largely unused */
X.509 version 3 <-> 2 in certificate version field /* modern specification */
X.509 Version 2 introduced the concept of subject and issuer unique
identifiers to handle the possibility of reuse of subject and/or
issuer names over time. Most certificate profile documents strongly
recommend that names not be reused, and that certificates should not
make use of unique identifiers. Version 2 certificates are not
> I know that we need to configure "Issuer and subject unique identifiers"
> for X509 v2 format certificate, but not able to find the configuration
> required (in openssl.conf) to enable it.
These fields are *optional*. You do not need to set these.
OpenSSL supports X.509v3, and has minimal support for v2. You can
inspect the optional unique ids via:
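
Added example, not part of the original message and not the command the message goes on to give: a small Python DER reader that maps the wire value of the certificate version field to the X.509 version, as in the table above, and reports whether the optional unique identifiers or extensions are present. The function names and the sample certificates are assumptions made for this illustration; the samples are constructed skeletons, not valid certificates.

```python
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n octets hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def cert_summary(cert_der):
    """Map the wire version to the X.509 version and flag optional v2/v3 fields."""
    tag, cert_body, _ = read_tlv(cert_der)
    tbs_tag, tbs, _ = read_tlv(cert_body)  # tbsCertificate is the first element
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not a DER Certificate SEQUENCE")
    fields, pos = [], 0
    while pos < len(tbs):
        t, v, pos = read_tlv(tbs, pos)
        fields.append((t, v))
    wire = 0                               # version is DEFAULT v1(0): omitted in v1 certs
    if fields and fields[0][0] == 0xA0:    # [0] EXPLICIT wrapper around an INTEGER
        wire = int.from_bytes(read_tlv(fields[0][1])[1], "big")
    tags = {t for t, _ in fields}
    return {"wire_version": wire, "x509_version": wire + 1,
            "issuer_unique_id": 0x81 in tags,    # [1] IMPLICIT BIT STRING
            "subject_unique_id": 0x82 in tags,   # [2] IMPLICIT BIT STRING
            "extensions": 0xA3 in tags}          # [3] EXPLICIT, v3 only

def der(tag, content=b""):
    """Encode one short-form TLV; enough for the constructed samples below."""
    if len(content) > 127:
        raise ValueError("sample helper handles short-form lengths only")
    return bytes([tag, len(content)]) + content

def sample_cert(version, tail=b""):
    """Constructed skeleton (empty names, key, signature); not a valid certificate."""
    ver = der(0xA0, der(0x02, bytes([version]))) if version else b""
    tbs = der(0x30, ver + der(0x02, b"\x01") + der(0x30) * 5 + tail)
    return der(0x30, tbs + der(0x30) + der(0x03, b"\x00"))

V1 = sample_cert(0)                                                   # version omitted
V2 = sample_cert(1, der(0x81, b"\x00\xaa") + der(0x82, b"\x00\xbb"))  # unique IDs set
V3 = sample_cert(2, der(0xA3, der(0x30)))                             # extensions set

if __name__ == "__main__":
    for name, cert in (("V1", V1), ("V2", V2), ("V3", V3)):
        print(name, cert_summary(cert))
```

`cert_summary` expects DER bytes, so a PEM certificate has to be base64-decoded first.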