openssl3.2/test/certs - 003 - genroot “Root CA“ root-key2 root-cert2

LostSpeed2024-01-23 15:02

文章目录

    • [openssl3.2/test/certs - 003 - genroot "Root CA" root-key2 root-cert2](#openssl3.2/test/certs - 003 - genroot "Root CA" root-key2 root-cert2)
    • 概述
    • 笔记
    • END

openssl3.2/test/certs - 003 - genroot "Root CA" root-key2 root-cert2

概述

索引贴 => openssl3.2 - 官方demo学习 - test - certs

笔记

// openssl3.2/test/certs - 003 - genroot "Root CA" root-key2 root-cert2

// --------------------------------------------------------------------------------

// 官方原始脚本

// --------------------------------------------------------------------------------

./mkcert.sh genroot "Root CA" root-key2 root-cert2

./mkcert.sh genroot "Root Cert 2" root-key root-name2

DAYS=-1 ./mkcert.sh genroot "Root CA" root-key root-expired

// --------------------------------------------------------------------------------

// 根据截取的到命令行参数和管道中的配置内容, 修改后可以正常运行的命令行

// --------------------------------------------------------------------------------

cmd1:

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key2.pem

运行正常, 没有新知识点, 无需注解

cmd2:

配置文件为 config_cfg.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = Root CA

openssl req -new -sha256 -key root-key2.pem -config config_cfg.txt -out root-key2-cert_req.pem

cmd3:

配置文件为 extfile_cmd3_cfg.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

openssl x509 -req -sha256 -out root-cert2.pem -extfile extfile_cmd3_cfg.txt -signkey root-key2.pem -set_serial 1 -days 36525 -in root-key2-cert_req.pem

cmd4:

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key.pem

运行正常, 没有新知识点, 无需注解

cmd5:

配置文件为 config_cmd5.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = Root Cert 2

openssl req -new -sha256 -key root-key.pem -config config_cmd5.txt -out root-key_req.pem

cmd6:

配置文件=extfile_cmd6.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

openssl x509 -req -sha256 -out root-name2.pem -extfile extfile_cmd6.txt -signkey root-key.pem -set_serial 1 -days 36525 -in root-key_req.pem

cmd7:

配置文件=config_cmd7.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = Root CA

openssl req -new -sha256 -key root-key.pem -config config_cmd7.txt -out root-key_req.pem

cmd8:

config file = config_cmd8.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

openssl x509 -req -sha256 -out root-expired.pem -extfile config_cmd8.txt -signkey root-key.pem -set_serial 1 -days -1 -in root-key_req.pem

// --------------------------------------------------------------------------------

// 在修改后的openssl入口处记录的原始日志

// --------------------------------------------------------------------------------

cmd1:

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key2.pem

cmd2:

openssl req -new -sha256 -key root-key2.pem -config /dev/fd/63

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = Root CA

cmd3:

openssl x509 -req -sha256 -out root-cert2.pem -extfile /dev/fd/63 -signkey root-key2.pem -set_serial 1 -days 36525

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

cmd4:

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key.pem

cmd5:

openssl req -new -sha256 -key root-key.pem -config /dev/fd/63

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = Root Cert 2

cmd6:

openssl x509 -req -sha256 -out root-name2.pem -extfile /dev/fd/63 -signkey root-key.pem -set_serial 1 -days 36525

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

cmd7:

openssl req -new -sha256 -key root-key.pem -config /dev/fd/63

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = Root CA

cmd8:

openssl x509 -req -sha256 -out root-expired.pem -extfile /dev/fd/63 -signkey root-key.pem -set_serial 1 -days -1

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

END

相关推荐
十五年专注C++开发2 天前
CMake进阶:vcpkg中OpenSSLConfig.cmake详解
c++·windows·cmake·openssl·跨平台编译
一个平凡而乐于分享的小比特3 天前
OpenSSL 全面解析:从入门到精通
密码学·openssl·隐私安全
mooyuan天天7 天前
万字详解心脏滴血漏洞复现:原理详解+环境搭建+渗透实践(CVE-2014-0160)
openssl·心脏滴血漏洞·cve-2014-0160
bkspiderx12 天前
OpenSSL全解析:从基础原理到交叉编译与实战应用
openssl
ZXF_H1 个月前
C/C++ OpenSSL自适应格式解析证书二进制字节流
c语言·开发语言·c++·openssl
龚建波1 个月前
记录:vcpkg清单模式安装指定版本的curl和OpenSSL
openssl·curl·vcpkg
YouEmbedded1 个月前
解码ARM 开发板 OpenSSL+cURL 交叉编译与 HTTPS 配置
https·openssl·curl
吃西瓜的星星1 个月前
从0开始完成ActiveMQ-cpp在windows_x86平台的编译(从编译openssl开始)
activemq·openssl·c/c++
赖small强2 个月前
【ZeroRange WebRTC】OpenSSL 与 WebRTC:原理、集成与实践指南
webrtc·openssl·x.509·证书验证·tls/dtls
openHiTLS密码开源社区2 个月前
密码学系统的核心防护:FUZZ测试(模糊测试)技术原理与行业实践
openssl·fuzz测试·模糊测试·形式化验证·openhitls
热门推荐
01GitHub 镜像站点02安娜的档案(Anna’s Archive) 镜像网站/国内最新可访问入口(持续更新)03手把手教你通过Gemini3 pro 学生认证,白用一年,手慢无!04Linux下V2Ray安装配置指南05Labelme从安装到标注:零基础完整指南06jdk21下载、安装(Windows、Linux、macOS)07UV安装并设置国内源08【踩坑笔记】50系显卡适配的 PyTorch 安装09GitLab 零基础入门指南:从安装到项目管理全流程102025-04-03 Latex学习1——本地配置Latex + VScode环境