openssl3.2/test/certs - 003 - genroot “Root CA“ root-key2 root-cert2

LostSpeed2024-01-23 15:02

文章目录

    • [openssl3.2/test/certs - 003 - genroot "Root CA" root-key2 root-cert2](#openssl3.2/test/certs - 003 - genroot "Root CA" root-key2 root-cert2)
    • 概述
    • 笔记
    • END

openssl3.2/test/certs - 003 - genroot "Root CA" root-key2 root-cert2

概述

索引贴 => openssl3.2 - 官方demo学习 - test - certs

笔记

// openssl3.2/test/certs - 003 - genroot "Root CA" root-key2 root-cert2

// --------------------------------------------------------------------------------

// 官方原始脚本

// --------------------------------------------------------------------------------

./mkcert.sh genroot "Root CA" root-key2 root-cert2

./mkcert.sh genroot "Root Cert 2" root-key root-name2

DAYS=-1 ./mkcert.sh genroot "Root CA" root-key root-expired

// --------------------------------------------------------------------------------

// 根据截取的到命令行参数和管道中的配置内容, 修改后可以正常运行的命令行

// --------------------------------------------------------------------------------

cmd1:

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key2.pem

运行正常, 没有新知识点, 无需注解

cmd2:

配置文件为 config_cfg.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = Root CA

openssl req -new -sha256 -key root-key2.pem -config config_cfg.txt -out root-key2-cert_req.pem

cmd3:

配置文件为 extfile_cmd3_cfg.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

openssl x509 -req -sha256 -out root-cert2.pem -extfile extfile_cmd3_cfg.txt -signkey root-key2.pem -set_serial 1 -days 36525 -in root-key2-cert_req.pem

cmd4:

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key.pem

运行正常, 没有新知识点, 无需注解

cmd5:

配置文件为 config_cmd5.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = Root Cert 2

openssl req -new -sha256 -key root-key.pem -config config_cmd5.txt -out root-key_req.pem

cmd6:

配置文件=extfile_cmd6.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

openssl x509 -req -sha256 -out root-name2.pem -extfile extfile_cmd6.txt -signkey root-key.pem -set_serial 1 -days 36525 -in root-key_req.pem

cmd7:

配置文件=config_cmd7.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = Root CA

openssl req -new -sha256 -key root-key.pem -config config_cmd7.txt -out root-key_req.pem

cmd8:

config file = config_cmd8.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

openssl x509 -req -sha256 -out root-expired.pem -extfile config_cmd8.txt -signkey root-key.pem -set_serial 1 -days -1 -in root-key_req.pem

// --------------------------------------------------------------------------------

// 在修改后的openssl入口处记录的原始日志

// --------------------------------------------------------------------------------

cmd1:

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key2.pem

cmd2:

openssl req -new -sha256 -key root-key2.pem -config /dev/fd/63

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = Root CA

cmd3:

openssl x509 -req -sha256 -out root-cert2.pem -extfile /dev/fd/63 -signkey root-key2.pem -set_serial 1 -days 36525

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

cmd4:

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key.pem

cmd5:

openssl req -new -sha256 -key root-key.pem -config /dev/fd/63

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = Root Cert 2

cmd6:

openssl x509 -req -sha256 -out root-name2.pem -extfile /dev/fd/63 -signkey root-key.pem -set_serial 1 -days 36525

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

cmd7:

openssl req -new -sha256 -key root-key.pem -config /dev/fd/63

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = Root CA

cmd8:

openssl x509 -req -sha256 -out root-expired.pem -extfile /dev/fd/63 -signkey root-key.pem -set_serial 1 -days -1

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

END

相关推荐
深耕AI15 天前
Win64OpenSSL-3_5_2.exe【安装步骤】
openssl
看那山瞧那水16 天前
DELPHI 利用OpenSSL实现加解密,证书(X.509)等功能
delphi·openssl
洋哥网络科技1 个月前
openssl升级
openssl
Lazy Dave1 个月前
gmssl私钥文件格式
网络安全·ssl·openssl
沉在嵌入式的鱼2 个月前
RK3588移植Openssl库
linux·rk3588·openssl
黑屋里的马2 个月前
ssl相关命令生成证书
服务器·网络·ssl·openssl·gmssl
fangeqin2 个月前
ubuntu源码安装python3.13遇到Could not build the ssl module!解决方法
linux·python·ubuntu·openssl
API开发3 个月前
苹果芯片macOS安装版Homebrew(亲测) ,一键安装node、python、vscode等,比绿色软件还干净、无污染
vscode·python·docker·nodejs·openssl·brew·homebrew
码农不惑3 个月前
Rust使用tokio(二)HTTPS相关
https·rust·web·openssl
liulilittle3 个月前
通过高级处理器硬件指令集AES-NI实现AES-256-CFB算法并通过OPENSSL加密验证算法正确性。
linux·服务器·c++·算法·安全·加密·openssl
热门推荐
01GitHub 镜像站点02UV 工具安装与国内镜像源配置指南0346个Nano-banana 精选提示词,持续更新中04Claude Code 平替:OpenAI发布 Codex CLI ,GPT-5 国内直接使用05UV安装并设置国内源06保姆级教程:手把手教你用Dify实现完美多轮对话(附Chatflow和提示词)07A股预测还能更准?开源大模型Kronos带你跑通预测+回测全流程08Spec-Kit 使用指南09解决 WSL Ubuntu 中 /etc/resolv.conf 自动重置问题10KGG转MP3工具|非KGM文件|解密音频