openssl3.2/test/certs - 003 - genroot “Root CA“ root-key2 root-cert2

LostSpeed2024-01-23 15:02

文章目录

    • [openssl3.2/test/certs - 003 - genroot "Root CA" root-key2 root-cert2](#openssl3.2/test/certs - 003 - genroot "Root CA" root-key2 root-cert2)
    • 概述
    • 笔记
    • END

openssl3.2/test/certs - 003 - genroot "Root CA" root-key2 root-cert2

概述

索引贴 => openssl3.2 - 官方demo学习 - test - certs

笔记

// openssl3.2/test/certs - 003 - genroot "Root CA" root-key2 root-cert2

// --------------------------------------------------------------------------------

// 官方原始脚本

// --------------------------------------------------------------------------------

./mkcert.sh genroot "Root CA" root-key2 root-cert2

./mkcert.sh genroot "Root Cert 2" root-key root-name2

DAYS=-1 ./mkcert.sh genroot "Root CA" root-key root-expired

// --------------------------------------------------------------------------------

// 根据截取的到命令行参数和管道中的配置内容, 修改后可以正常运行的命令行

// --------------------------------------------------------------------------------

cmd1:

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key2.pem

运行正常, 没有新知识点, 无需注解

cmd2:

配置文件为 config_cfg.txt

string_mask=utf8only

[req]

prompt = no

distinguished_name = dn

[dn]

CN = Root CA

openssl req -new -sha256 -key root-key2.pem -config config_cfg.txt -out root-key2-cert_req.pem

cmd3:

配置文件为 extfile_cmd3_cfg.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

openssl x509 -req -sha256 -out root-cert2.pem -extfile extfile_cmd3_cfg.txt -signkey root-key2.pem -set_serial 1 -days 36525 -in root-key2-cert_req.pem

cmd4:

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key.pem

运行正常, 没有新知识点, 无需注解

cmd5:

配置文件为 config_cmd5.txt

string_mask=utf8only

[req]

prompt = no

distinguished_name = dn

[dn]

CN = Root Cert 2

openssl req -new -sha256 -key root-key.pem -config config_cmd5.txt -out root-key_req.pem

cmd6:

配置文件=extfile_cmd6.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

openssl x509 -req -sha256 -out root-name2.pem -extfile extfile_cmd6.txt -signkey root-key.pem -set_serial 1 -days 36525 -in root-key_req.pem

cmd7:

配置文件=config_cmd7.txt

string_mask=utf8only

[req]

prompt = no

distinguished_name = dn

[dn]

CN = Root CA

openssl req -new -sha256 -key root-key.pem -config config_cmd7.txt -out root-key_req.pem

cmd8:

config file = config_cmd8.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

openssl x509 -req -sha256 -out root-expired.pem -extfile config_cmd8.txt -signkey root-key.pem -set_serial 1 -days -1 -in root-key_req.pem

// --------------------------------------------------------------------------------

// 在修改后的openssl入口处记录的原始日志

// --------------------------------------------------------------------------------

cmd1:

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key2.pem

cmd2:

openssl req -new -sha256 -key root-key2.pem -config /dev/fd/63

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

string_mask=utf8only

[req]

prompt = no

distinguished_name = dn

[dn]

CN = Root CA

cmd3:

openssl x509 -req -sha256 -out root-cert2.pem -extfile /dev/fd/63 -signkey root-key2.pem -set_serial 1 -days 36525

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

cmd4:

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key.pem

cmd5:

openssl req -new -sha256 -key root-key.pem -config /dev/fd/63

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

string_mask=utf8only

[req]

prompt = no

distinguished_name = dn

[dn]

CN = Root Cert 2

cmd6:

openssl x509 -req -sha256 -out root-name2.pem -extfile /dev/fd/63 -signkey root-key.pem -set_serial 1 -days 36525

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

cmd7:

openssl req -new -sha256 -key root-key.pem -config /dev/fd/63

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

string_mask=utf8only

[req]

prompt = no

distinguished_name = dn

[dn]

CN = Root CA

cmd8:

openssl x509 -req -sha256 -out root-expired.pem -extfile /dev/fd/63 -signkey root-key.pem -set_serial 1 -days -1

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

END

相关推荐
cooldream20092 天前
升级 OpenSSL 的详细步骤(解决 SSH 漏洞的前提)
运维·ssh·openssl
年薪丰厚2 天前
如何手动安装libcrypto.so.10和libssl.so.10这两个库?
openssl·libcrypto.so.10·libssl.so.10
恋喵大鲤鱼15 天前
openssl(1) command
openssl
pzs022118 天前
openssl的使用
openssl
小亦小亦_空中接力20 天前
openssl+keepalived安装部署
openssl·keepalived
摸鱼手会滑22 天前
源码编译安装python3.12没有ssl模块,python3.12 ModuleNotFoundError: No module named ‘_ssl‘
ssl·openssl·python3
老朱自强不息1 个月前
Windows 平台编译openssl3.3
windows·openssl
promise5242 个月前
openssl 详解
linux·运维·服务器·网络协议·安全·https·openssl
俱会一处2 个月前
用openssl 创建自签名证书用于内网HTTPS
https·openssl·内网·局域网
xiaogengtongxu2 个月前
CA证书和openssl介绍
网络·安全·openssl
热门推荐
01分享几个惊艳的 Three.js 个人站点02【经验分享】Ubuntu22.04安装微信(linux官方版)032024年高教社杯数学建模国赛C题超详细解题思路分析04组基轨迹建模 GBTM的介绍与实现(Stata 或 R)05安卓系列机型永久去除data分区加密 详细步骤解析06【2024数模国赛赛题思路公开】国赛B题思路丨附可运行代码丨无偿自提07CTF网络安全大赛简单的web抓包题目:HEADache08Ubuntu24.04安装中文输入法09【2024高教社杯全国大学生数学建模竞赛】B题 生产过程中的决策问题——解题思路 代码 论文10springer 在线投稿编译踩坑