openssl3.2/test/certs - 003 - genroot “Root CA“ root-key2 root-cert2

文章目录

    • [openssl3.2/test/certs - 003 - genroot "Root CA" root-key2 root-cert2](#openssl3.2/test/certs - 003 - genroot "Root CA" root-key2 root-cert2)
    • 概述
    • 笔记
    • END

openssl3.2/test/certs - 003 - genroot "Root CA" root-key2 root-cert2

概述

索引贴 => openssl3.2 - 官方demo学习 - test - certs

笔记

// openssl3.2/test/certs - 003 - genroot "Root CA" root-key2 root-cert2

// --------------------------------------------------------------------------------

// 官方原始脚本

// --------------------------------------------------------------------------------

./mkcert.sh genroot "Root CA" root-key2 root-cert2

./mkcert.sh genroot "Root Cert 2" root-key root-name2

DAYS=-1 ./mkcert.sh genroot "Root CA" root-key root-expired

// --------------------------------------------------------------------------------

// 根据截取的到命令行参数和管道中的配置内容, 修改后可以正常运行的命令行

// --------------------------------------------------------------------------------

cmd1:

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key2.pem

运行正常, 没有新知识点, 无需注解

cmd2:

配置文件为 config_cfg.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = Root CA

openssl req -new -sha256 -key root-key2.pem -config config_cfg.txt -out root-key2-cert_req.pem

cmd3:

配置文件为 extfile_cmd3_cfg.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

openssl x509 -req -sha256 -out root-cert2.pem -extfile extfile_cmd3_cfg.txt -signkey root-key2.pem -set_serial 1 -days 36525 -in root-key2-cert_req.pem

cmd4:

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key.pem

运行正常, 没有新知识点, 无需注解

cmd5:

配置文件为 config_cmd5.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = Root Cert 2

openssl req -new -sha256 -key root-key.pem -config config_cmd5.txt -out root-key_req.pem

cmd6:

配置文件=extfile_cmd6.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

openssl x509 -req -sha256 -out root-name2.pem -extfile extfile_cmd6.txt -signkey root-key.pem -set_serial 1 -days 36525 -in root-key_req.pem

cmd7:

配置文件=config_cmd7.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = Root CA

openssl req -new -sha256 -key root-key.pem -config config_cmd7.txt -out root-key_req.pem

cmd8:

config file = config_cmd8.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

openssl x509 -req -sha256 -out root-expired.pem -extfile config_cmd8.txt -signkey root-key.pem -set_serial 1 -days -1 -in root-key_req.pem

// --------------------------------------------------------------------------------

// 在修改后的openssl入口处记录的原始日志

// --------------------------------------------------------------------------------

cmd1:

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key2.pem

cmd2:

openssl req -new -sha256 -key root-key2.pem -config /dev/fd/63

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = Root CA

cmd3:

openssl x509 -req -sha256 -out root-cert2.pem -extfile /dev/fd/63 -signkey root-key2.pem -set_serial 1 -days 36525

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

cmd4:

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key.pem

cmd5:

openssl req -new -sha256 -key root-key.pem -config /dev/fd/63

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = Root Cert 2

cmd6:

openssl x509 -req -sha256 -out root-name2.pem -extfile /dev/fd/63 -signkey root-key.pem -set_serial 1 -days 36525

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

cmd7:

openssl req -new -sha256 -key root-key.pem -config /dev/fd/63

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = Root CA

cmd8:

openssl x509 -req -sha256 -out root-expired.pem -extfile /dev/fd/63 -signkey root-key.pem -set_serial 1 -days -1

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

END

相关推荐
深耕AI5 天前
Win64OpenSSL-3_5_2.exe【安装步骤】
openssl
看那山瞧那水6 天前
DELPHI 利用OpenSSL实现加解密,证书(X.509)等功能
delphi·openssl
洋哥网络科技16 天前
openssl升级
openssl
Lazy Dave1 个月前
gmssl私钥文件格式
网络安全·ssl·openssl
沉在嵌入式的鱼2 个月前
RK3588移植Openssl库
linux·rk3588·openssl
黑屋里的马2 个月前
ssl相关命令生成证书
服务器·网络·ssl·openssl·gmssl
fangeqin2 个月前
ubuntu源码安装python3.13遇到Could not build the ssl module!解决方法
linux·python·ubuntu·openssl
API开发3 个月前
苹果芯片macOS安装版Homebrew(亲测) ,一键安装node、python、vscode等,比绿色软件还干净、无污染
vscode·python·docker·nodejs·openssl·brew·homebrew
码农不惑3 个月前
Rust使用tokio(二)HTTPS相关
https·rust·web·openssl
liulilittle3 个月前
通过高级处理器硬件指令集AES-NI实现AES-256-CFB算法并通过OPENSSL加密验证算法正确性。
linux·服务器·c++·算法·安全·加密·openssl