openssl3.2/test/certs - 042 - 3072-bit leaf key

LostSpeed2024-01-25 14:02

文章目录

    • [openssl3.2/test/certs - 042 - 3072-bit leaf key](#openssl3.2/test/certs - 042 - 3072-bit leaf key)
    • 概述
    • 笔记
    • END

openssl3.2/test/certs - 042 - 3072-bit leaf key

概述

openssl3.2 - 官方demo学习 - test - certs

笔记

bash 复制代码 
/*!
* \file D:\my_dev\my_local_git_prj\study\openSSL\test_certs\042\my_openssl_linux_doc042.txt
* \note openssl3.2/test/certs - 042 - 3072-bit leaf key
*/

// --------------------------------------------------------------------------------
// official bash script
// --------------------------------------------------------------------------------
# openssl3.2/test/certs - 042 - 3072-bit leaf key
OPENSSL_KEYBITS=3072 ./mkcert.sh genee server.example ee-key-3072 ee-cert-3072 ca-key ca-cert


// --------------------------------------------------------------------------------
// openssl cmd line parse
// --------------------------------------------------------------------------------
// cmd 1
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:3072 -out ee-key-3072.pem 

// cmd 2
// config_exp04_cmd2.txt
string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = server.example

openssl req -new -sha256 -key ee-key-3072.pem -config config_exp04_cmd2.txt -out req_exp042_cmd2.pem

// cmd 3
// config_exp042_cmd3.txt
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:false

extendedKeyUsage = serverAuth
[alts]
subjectAltName = @alts
DNS=server.example
[alts]

openssl x509 -req -sha256 -out ee-cert-3072.pem -extfile config_exp042_cmd3.txt -CA ca-cert.pem -CAkey ca-key.pem -set_serial 2 -days 36525 -in req_exp042_cmd2.pem

// --------------------------------------------------------------------------------
// openssl log
// --------------------------------------------------------------------------------

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:3072 -out ee-key-3072.pem 
openssl req -new -sha256 -key ee-key-3072.pem -config /dev/fd/63 

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt



string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = server.example
openssl x509 -req -sha256 -out ee-cert-3072.pem -extfile /dev/fd/63 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 2 -days 36525 

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt



subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:false

extendedKeyUsage = serverAuth
[alts]
subjectAltName = @alts
DNS=server.example




[alts]

END

相关推荐
洋哥网络科技21 小时前
openssl升级
openssl
Lazy Dave16 天前
gmssl私钥文件格式
网络安全·ssl·openssl
沉在嵌入式的鱼1 个月前
RK3588移植Openssl库
linux·rk3588·openssl
黑屋里的马1 个月前
ssl相关命令生成证书
服务器·网络·ssl·openssl·gmssl
fangeqin2 个月前
ubuntu源码安装python3.13遇到Could not build the ssl module!解决方法
linux·python·ubuntu·openssl
API开发2 个月前
苹果芯片macOS安装版Homebrew(亲测) ,一键安装node、python、vscode等,比绿色软件还干净、无污染
vscode·python·docker·nodejs·openssl·brew·homebrew
码农不惑2 个月前
Rust使用tokio(二)HTTPS相关
https·rust·web·openssl
liulilittle2 个月前
通过高级处理器硬件指令集AES-NI实现AES-256-CFB算法并通过OPENSSL加密验证算法正确性。
linux·服务器·c++·算法·安全·加密·openssl
liulilittle2 个月前
OpenSSL 的 AES-NI 支持机制
linux·运维·服务器·算法·加密·openssl·解密
liulilittle2 个月前
通过高级处理器硬件指令集AES-NI实现AES-256-CFB算法。
linux·服务器·c++·算法·安全·加密·openssl
热门推荐
01UV安装并设置国内源02KGG转MP3工具|非KGM文件|解密音频03【踩坑笔记】50系显卡适配的 PyTorch 安装04蜘蛛磁力 搜索引擎大全,如何使用蜘蛛磁力查找磁力链接05突破百度网盘的下载限速,两种方法教会你【超详细】0620个国内外主流AI绘画工具大汇总(最新免费可用~)07【2025.08.06最新版】Android Studio下载、安装及配置记录(自动下载sdk)08Qwen3-Coder 快速上手教程 | Qwen Code + Claude Code092025最新国内服务器可用docker源仓库地址大全(2025年8月更新)10Claude Code VSCode集成开发指南:AI编程助手完整配置