I know how to sign a CSR using openssl, but the resulting certificate is an x509 v1, and not v3.
I'm using the following commands:
openssl x509 -req -days 365 -in myCSR.csr -CA myCA.crt -CAkey myCA.key -CAcreateserial -out userCertificate.crt
I've searched but have not been able to find a solution. Is there another way to do this programmatically?
You need to specify an extensions file.
For example:
openssl x509 -req -days 365 -in myCSR.csr -extfile v3.ext -CA myCA.crt -CAkey myCA.key -CAcreateserial -out userCertificate.crt
The extensions file (v3.ext) can look like this:
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
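
Added example (not part of the original answer): a script that signs a CSR with the v3.ext file above and then checks that the issued certificate really is version 3 and carries the requested extensions. The throwaway CA, the subject names and the function names make_v3_cert, cert_version and cert_has_extension are assumptions made for this demonstration.

```shell
#!/bin/sh
# Added example: sign a CSR with an extensions file, then verify the result.
# The CA, keys and subject names are constructed for this demo only.

make_v3_cert() {   # $1 = working directory
    dir=$1
    # Throwaway CA key and self-signed certificate
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$dir/myCA.key" -out "$dir/myCA.crt" 2>/dev/null || return 1
    # User key and the CSR to be signed
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-user" \
        -keyout "$dir/user.key" -out "$dir/myCSR.csr" 2>/dev/null || return 1
    # Extensions file with the same content as v3.ext in the answer
    cat > "$dir/v3.ext" <<'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
EOF
    # -req tells x509 that the input is a CSR; -extfile supplies the extensions
    openssl x509 -req -days 365 -in "$dir/myCSR.csr" -extfile "$dir/v3.ext" \
        -CA "$dir/myCA.crt" -CAkey "$dir/myCA.key" -CAcreateserial \
        -out "$dir/userCertificate.crt" 2>/dev/null
}

cert_version() {   # $1 = certificate; prints the X.509 version number
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Version: *\([0-9]*\).*/\1/p'
}

cert_has_extension() {   # $1 = certificate, $2 = text expected in its dump
    openssl x509 -in "$1" -noout -text | grep -q "$2"
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT      # remove the demo keys when the script ends
make_v3_cert "$work" || { echo "signing failed" >&2; exit 1; }

echo "X.509 version: $(cert_version "$work/userCertificate.crt")"
for ext in "CA:FALSE" "Digital Signature" "Key Encipherment"; do
    if cert_has_extension "$work/userCertificate.crt" "$ext"; then
        echo "present: $ext"
    else
        echo "MISSING: $ext"
    fi
done
```
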