openssl3.2/test/certs - 031 - purpose variants: clientAuth

LostSpeed2024-01-26 0:33

文章目录

    • [openssl3.2/test/certs - 031 - purpose variants: clientAuth](#openssl3.2/test/certs - 031 - purpose variants: clientAuth)
    • 概述
    • 笔记
    • END

openssl3.2/test/certs - 031 - purpose variants: clientAuth

概述

openssl3.2 - 官方demo学习 - test - certs

笔记

/*!

\file my_openssl_linux_log_doc_031.txt

\note openssl3.2/test/certs - 031 - purpose variants: clientAuth

*/

// --------------------------------------------------------------------------------

// official bash script

// --------------------------------------------------------------------------------

// openssl3.2/test/certs - 031 - purpose variants: clientAuth

./mkcert.sh genee -p clientAuth server.example ee-key ee-client ca-key ca-cert

// --------------------------------------------------------------------------------

// openssl cmd line parse

// --------------------------------------------------------------------------------

// cmd 1

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out ee-key.pem

// cmd 2

// config file = cfg_exp031_cmd2.txt

string_mask=utf8only

[req]

prompt = no

distinguished_name = dn

[dn]

CN = server.example

openssl req -new -sha256 -key ee-key.pem -config cfg_exp031_cmd2.txt -out ee-key-req.pem

// cmd 3

// config file = cfg_exp031_cmd3.txt

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid, issuer

basicConstraints = CA:false

extendedKeyUsage = clientAuth

[alts]

subjectAltName = @alts

DNS=server.example

[alts]

openssl x509 -req -sha256 -out ee-client.pem -extfile cfg_exp031_cmd3.txt -CA ca-cert.pem -CAkey ca-key.pem -set_serial 2 -days 36525 -in ee-key-req.pem

// --------------------------------------------------------------------------------

// openssl log

// --------------------------------------------------------------------------------

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out ee-key.pem

openssl req -new -sha256 -key ee-key.pem -config /dev/fd/63

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

string_mask=utf8only

[req]

prompt = no

distinguished_name = dn

[dn]

CN = server.example

openssl x509 -req -sha256 -out ee-client.pem -extfile /dev/fd/63 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 2 -days 36525

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid, issuer

basicConstraints = CA:false

extendedKeyUsage = clientAuth

[alts]

subjectAltName = @alts

DNS=server.example

[alts]

END

相关推荐
码农诗人1 天前
调用openssl实现加解密算法
算法·openssl·ecdh算法
handsomestWei13 天前
openssl使用
服务器·后端·ssl·openssl
初级代码游戏24 天前
openssl 生成证书 windows导入证书
网络·网络协议·ssl·openssl
初级代码游戏1 个月前
openssl 正确生成v3带SAN的证书
https·证书·ssl·openssl·tls·v3
初级代码游戏1 个月前
openssl s_server源码剥离
https·ssl·openssl·tls·s_server
QC七哥1 个月前
openssl在windows下的编译
windows·openssl·vs2022
乌南竹1 个月前
六十九:基于openssl实战验证RSA
openssl
daqinzl1 个月前
利用ffmpeg将视频转为m3u8并加密
ffmpeg·openssl·m3u8·加密 解密
CAir21 个月前
openssl编译
windows·编译·openssl
迷茫运维路2 个月前
Openssl1.1.1s rpm包构建与升级
运维·openssl·rpmbuild
热门推荐
01DeepSeek各版本说明与优缺点分析02如何在WPS和Word/Excel中直接使用DeepSeek功能03DeepSeek本地部署详细指南04太炸裂了!清华大学deepseek从入门到精通使用手册又出第三版了,《普通人如何抓住DeepSeek红利》(无套路,直接下载)05本地部署DeepSeek教程(Mac版本)06DeepSeek r1本地安装全指南07DeepSeek R1本地化部署 Ollama + Chatbox 打造最强 AI 工具08本地化部署AI知识库:基于Ollama+DeepSeek+AnythingLLM保姆级教程09在Windows下安装Ollama并体验DeepSeek r1大模型10DeepSeek RAGFlow构建本地知识库系统