openssl3.2/test/certs - 025 - client intermediate ca: cca-cert

LostSpeed2024-01-24 21:07

文章目录

    • [openssl3.2/test/certs - 025 - client intermediate ca: cca-cert](#openssl3.2/test/certs - 025 - client intermediate ca: cca-cert)
    • 概述
    • 笔记
    • END

openssl3.2/test/certs - 025 - client intermediate ca: cca-cert

概述

openssl3.2 - 官方demo学习 - test - certs

笔记

// \file my_openssl_linux_log_doc_025.txt

// \note openssl3.2/test/certs - 025 - client intermediate ca: cca-cert

// --------------------------------------------------------------------------------

// 官方脚本

// --------------------------------------------------------------------------------

// openssl3.2/test/certs - 025 - client intermediate ca: cca-cert

./mkcert.sh genca -p clientAuth "CA" ca-key cca-cert root-key root-cert

// --------------------------------------------------------------------------------

// openssl cmd line parse

// --------------------------------------------------------------------------------

// cmd 1:

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out ca-key.pem

// cmd 2:

config file = cfg_exp025_cmd2.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = CA

openssl req -new -sha256 -key ca-key.pem -config cfg_exp025_cmd2.txt -out ca-key-req.pem

// cmd 3:

config file = cfg_exp025_cmd3.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

extendedKeyUsage = clientAuth

openssl x509 -req -sha256 -out cca-cert.pem -extfile cfg_exp025_cmd3.txt -CA root-cert.pem -CAkey root-key.pem -set_serial 2 -days 36525 -in ca-key-req.pem

// --------------------------------------------------------------------------------

// openssl log

// --------------------------------------------------------------------------------

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out ca-key.pem

openssl req -new -sha256 -key ca-key.pem -config /dev/fd/63

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = CA

openssl x509 -req -sha256 -out cca-cert.pem -extfile /dev/fd/63 -CA root-cert.pem -CAkey root-key.pem -set_serial 2 -days 36525

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

basicConstraints = critical,CA:true

keyUsage = keyCertSign,cRLSign

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid

extendedKeyUsage = clientAuth

END

相关推荐
coder4_12 天前
OpenSSL 加密算法与证书管理全解析:从基础到私有 CA 实战
https·openssl·ssl/tls·加密算法·ca证书
王小义笔记19 天前
windows电脑如何执行openssl rand命令
windows·openssl
Humbunklung22 天前
VC++ 使用OpenSSL创建RSA密钥PEM文件
开发语言·c++·openssl
深耕AI2 个月前
Win64OpenSSL-3_5_2.exe【安装步骤】
openssl
看那山瞧那水2 个月前
DELPHI 利用OpenSSL实现加解密,证书(X.509)等功能
delphi·openssl
洋哥网络科技2 个月前
openssl升级
openssl
Lazy Dave2 个月前
gmssl私钥文件格式
网络安全·ssl·openssl
沉在嵌入式的鱼3 个月前
RK3588移植Openssl库
linux·rk3588·openssl
黑屋里的马3 个月前
ssl相关命令生成证书
服务器·网络·ssl·openssl·gmssl
fangeqin4 个月前
ubuntu源码安装python3.13遇到Could not build the ssl module!解决方法
linux·python·ubuntu·openssl
热门推荐
01GitHub 镜像站点02BongoCat - 跨平台键盘猫动画工具03UV安装并设置国内源04Linux下V2Ray安装配置指南05GitLab 零基础入门指南:从安装到项目管理全流程06NVIDIA显卡驱动、CUDA、cuDNN 和 TensorRT 版本匹配指南07一文了解国产算子编程语言 TileLang,TileLang 对国产开源生态的影响与启示08KGG转MP3工具|非KGM文件|解密音频09在VSCode配置Java开发环境的保姆级教程(适配各类AI编程IDE)102025软件测试面试八股文(含答案+文档)