openssl3.2/test/certs - 031 - purpose variants: clientAuth

LostSpeed2024-01-26 0:33

文章目录

    • [openssl3.2/test/certs - 031 - purpose variants: clientAuth](#openssl3.2/test/certs - 031 - purpose variants: clientAuth)
    • 概述
    • 笔记
    • END

openssl3.2/test/certs - 031 - purpose variants: clientAuth

概述

openssl3.2 - 官方demo学习 - test - certs

笔记

/*!

\file my_openssl_linux_log_doc_031.txt

\note openssl3.2/test/certs - 031 - purpose variants: clientAuth

*/

// --------------------------------------------------------------------------------

// official bash script

// --------------------------------------------------------------------------------

// openssl3.2/test/certs - 031 - purpose variants: clientAuth

./mkcert.sh genee -p clientAuth server.example ee-key ee-client ca-key ca-cert

// --------------------------------------------------------------------------------

// openssl cmd line parse

// --------------------------------------------------------------------------------

// cmd 1

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out ee-key.pem

// cmd 2

// config file = cfg_exp031_cmd2.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = server.example

openssl req -new -sha256 -key ee-key.pem -config cfg_exp031_cmd2.txt -out ee-key-req.pem

// cmd 3

// config file = cfg_exp031_cmd3.txt

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid, issuer

basicConstraints = CA:false

extendedKeyUsage = clientAuth

alts

subjectAltName = @alts

DNS=server.example

alts

openssl x509 -req -sha256 -out ee-client.pem -extfile cfg_exp031_cmd3.txt -CA ca-cert.pem -CAkey ca-key.pem -set_serial 2 -days 36525 -in ee-key-req.pem

// --------------------------------------------------------------------------------

// openssl log

// --------------------------------------------------------------------------------

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out ee-key.pem

openssl req -new -sha256 -key ee-key.pem -config /dev/fd/63

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

string_mask=utf8only

req

prompt = no

distinguished_name = dn

dn

CN = server.example

openssl x509 -req -sha256 -out ee-client.pem -extfile /dev/fd/63 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 2 -days 36525

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid, issuer

basicConstraints = CA:false

extendedKeyUsage = clientAuth

alts

subjectAltName = @alts

DNS=server.example

alts

END

相关推荐
fangeqin7 天前
ubuntu源码安装python3.13遇到Could not build the ssl module!解决方法
linux·python·ubuntu·openssl
API开发18 天前
苹果芯片macOS安装版Homebrew(亲测) ,一键安装node、python、vscode等,比绿色软件还干净、无污染
vscode·python·docker·nodejs·openssl·brew·homebrew
码农不惑21 天前
Rust使用tokio(二)HTTPS相关
https·rust·web·openssl
liulilittle1 个月前
通过高级处理器硬件指令集AES-NI实现AES-256-CFB算法并通过OPENSSL加密验证算法正确性。
linux·服务器·c++·算法·安全·加密·openssl
liulilittle1 个月前
OpenSSL 的 AES-NI 支持机制
linux·运维·服务器·算法·加密·openssl·解密
liulilittle1 个月前
通过高级处理器硬件指令集AES-NI实现AES-256-CFB算法。
linux·服务器·c++·算法·安全·加密·openssl
花花少年1 个月前
Ubuntu系统下交叉编译openssl
openssl·交叉编译
什么名字都被用了2 个月前
编译openssl源码
c++·openssl
toooooop82 个月前
openssl_error_string() 不要依赖错误信息作为逻辑判断
php·openssl
whoarethenext3 个月前
加密认证库openssl初始附带c/c++的使用源码
c语言·网络·c++·openssl
热门推荐
01【无标题】02集群聊天服务器---MySQL数据库的建立03Coze扣子平台完整体验和实践(附国内和国际版对比)04Java类变量(静态变量)05KGG转MP3工具|非KGM文件|解密音频06扣子(coze)实战|我用扣子搭建了一个自动分析小红薯笔记内容的AI应用|详细步骤拆解07基于uni-app的书法学习管理小程序的设计与实现08使用Ruby接入实时行情API教程09DeepSeek各版本说明与优缺点分析10绿色建筑新态势:楼宇自控助力能效提升,推动成本优化新路径