> On Dec 28, 2017, at 4:34 PM, Dmitry Belyavsky <[hidden email]> wrote:
> Great news!
> Does it work for certificates too?
The updated documentation says:
+=item B<-addext ext>
+Add a specific extension to the certificate (if the B<-x509> option is
+present) or certificate request. The argument must have the form of
+a key=value pair as it would appear in a config file.
+This option can be given multiple times.
So it should work for "openssl req -x509". There should probably be
corresponding changes for "openssl x509 -req", which can be used for
more than just self-signed certs.
> On Dec 28, 2017, at 5:16 PM, Salz, Rich via openssl-users <[hidden email]> wrote:
> No, but that would be simple to add if you are up for doing the PR.
For the record, as mentioned in a previous post, this is already
available for self-signed certificates (via openssl req -x509).
What's missing is support for ca-issued certificates
(via openssl x509 -req).