How to create a CSR with empty/suppressed Attributes - Keytool
I need to generate a Certificate Sign Request with java keyTool that does not include any Attributes such as "Requested Extensions" or any related extension embedded information like so:
Currently, when i pass the below command, it returns the Attribute Requested Extension X509V3 SubjectKeyIdentifier:
keytool -certreq -alias myClient-prod-client-ssl -file certreq-myClient.csr -keystore myClient-prod-client-ssl.jks
Perhaps I am missing a suppressing -ext command in my -certreq command?
Also, I am using JDK 10.0.2, and the main issue could be that in older versions of Java these Attributes do not get constructed within the CSR.
This issue can be resolved if you use Java JDK 1.6 or less. My current VM is running JDK 10.0.2, so it automatically populated the Attribute Requested Extension X509V3 SubjectKeyIdentifier within the CSR. I just copied the keystore file to a old VM I had with JDK 1.6 and the CSR is generated with no issue.