openssl3.2/test/certs - 031 - purpose variants: clientAuth

LostSpeed2024-01-26 0:33

文章目录

    • [openssl3.2/test/certs - 031 - purpose variants: clientAuth](#openssl3.2/test/certs - 031 - purpose variants: clientAuth)
    • 概述
    • 笔记
    • END

openssl3.2/test/certs - 031 - purpose variants: clientAuth

概述

openssl3.2 - 官方demo学习 - test - certs

笔记

/*!

\file my_openssl_linux_log_doc_031.txt

\note openssl3.2/test/certs - 031 - purpose variants: clientAuth

*/

// --------------------------------------------------------------------------------

// official bash script

// --------------------------------------------------------------------------------

// openssl3.2/test/certs - 031 - purpose variants: clientAuth

./mkcert.sh genee -p clientAuth server.example ee-key ee-client ca-key ca-cert

// --------------------------------------------------------------------------------

// openssl cmd line parse

// --------------------------------------------------------------------------------

// cmd 1

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out ee-key.pem

// cmd 2

// config file = cfg_exp031_cmd2.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = server.example

openssl req -new -sha256 -key ee-key.pem -config cfg_exp031_cmd2.txt -out ee-key-req.pem

// cmd 3

// config file = cfg_exp031_cmd3.txt

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid, issuer

basicConstraints = CA:false

extendedKeyUsage = clientAuth

alts

subjectAltName = @alts

DNS=server.example

alts

openssl x509 -req -sha256 -out ee-client.pem -extfile cfg_exp031_cmd3.txt -CA ca-cert.pem -CAkey ca-key.pem -set_serial 2 -days 36525 -in ee-key-req.pem

// --------------------------------------------------------------------------------

// openssl log

// --------------------------------------------------------------------------------

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out ee-key.pem

openssl req -new -sha256 -key ee-key.pem -config /dev/fd/63

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = server.example

openssl x509 -req -sha256 -out ee-client.pem -extfile /dev/fd/63 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 2 -days 36525

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid, issuer

basicConstraints = CA:false

extendedKeyUsage = clientAuth

alts

subjectAltName = @alts

DNS=server.example

alts

END

相关推荐
洋哥网络科技7 天前
openssl升级
openssl
Lazy Dave22 天前
gmssl私钥文件格式
网络安全·ssl·openssl
沉在嵌入式的鱼1 个月前
RK3588移植Openssl库
linux·rk3588·openssl
黑屋里的马1 个月前
ssl相关命令生成证书
服务器·网络·ssl·openssl·gmssl
fangeqin2 个月前
ubuntu源码安装python3.13遇到Could not build the ssl module!解决方法
linux·python·ubuntu·openssl
API开发2 个月前
苹果芯片macOS安装版Homebrew(亲测) ,一键安装node、python、vscode等,比绿色软件还干净、无污染
vscode·python·docker·nodejs·openssl·brew·homebrew
码农不惑2 个月前
Rust使用tokio(二)HTTPS相关
https·rust·web·openssl
liulilittle3 个月前
通过高级处理器硬件指令集AES-NI实现AES-256-CFB算法并通过OPENSSL加密验证算法正确性。
linux·服务器·c++·算法·安全·加密·openssl
liulilittle3 个月前
OpenSSL 的 AES-NI 支持机制
linux·运维·服务器·算法·加密·openssl·解密
liulilittle3 个月前
通过高级处理器硬件指令集AES-NI实现AES-256-CFB算法。
linux·服务器·c++·算法·安全·加密·openssl
热门推荐
01UV安装并设置国内源02不再让Windows更新!&Edge游戏助手卸载及关闭自动更新03KGG转MP3工具|非KGM文件|解密音频04奈飞工厂官网,国内Netflix影视在线看|中文网页电脑版入口05Linux下V2Ray安装配置指南06Qwen3-Coder 快速上手教程 | Qwen Code + Claude Code07蜘蛛磁力 搜索引擎大全,如何使用蜘蛛磁力查找磁力链接08【2025.08.06最新版】Android Studio下载、安装及配置记录(自动下载sdk)09突破百度网盘的下载限速,两种方法教会你【超详细】10Xget:下一代开源资源获取加速引擎,让你的文件下载、储存库克隆和镜像拉取快如闪电