Hi all,
I was handed a seemingly simple task, yet it is so tricky I have spent days without any good returns.
Given : an externally generated CSR, a root key (in a HSM)
Task : to sign the CSR with the root CA while at the same time adding several certificate extensions and SAN to the resulting certificate
Tried : certutil (it is not possible since there is no way a signed CSR can be modified) and certreq (the only way possible to include the extensions is to re-create a new CSR from the root CA).
I would looooovee it if someone could come and shed some light for me...
Thanks,
Hans
P.S. If the questions or the explanations are not clear in any way, please let me know and I will clarify.