openssl3.2/test/certs - 061 - other@good.org not permitted by CA1

文章目录

openssl3.2/test/certs - 061 - other@good.org not permitted by CA1

概述

openssl3.2 - 官方demo学习 - test - certs

笔记

bash 复制代码
/*!
* \file D:\my_dev\my_local_git_prj\study\openSSL\test_certs\061\my_openssl_linux_doc_061.txt
* \note openssl3.2/test/certs - 061 - other@good.org not permitted by CA1
*/

// --------------------------------------------------------------------------------
// official bash script
// --------------------------------------------------------------------------------
#! /bin/bash

# \file setup061.sh

# openssl3.2/test/certs - 061 - other@good.org not permitted by CA1

./mkcert.sh req badalt3-key "O = Bad NC Test Certificate 3" | \
    ./mkcert.sh geneealt badalt3-key badalt1-cert ncca1-key ncca1-cert \
    "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
    "email.1 = other@good.org" "email.2 = any@good.com"

// --------------------------------------------------------------------------------
// openssl cmd line parse
// --------------------------------------------------------------------------------
// cmd 1
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out badalt3-key.pem 

// cmd 3
// cfg_exp061_cmd3.txt
string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
O = Bad NC Test Certificate 3

openssl req -new -sha256 -key badalt3-key.pem -config cfg_exp061_cmd3.txt -out req_exp061_cmd3.pem

// cmd 2
// cfg_exp061_cmd2.txt
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
basicConstraints = CA:false

subjectAltName = @alts
[alts]
DNS.1 = www.good.org
DNS.2 = any.good.com
email.1 = other@good.org
email.2 = any@good.com

openssl x509 -req -sha256 -out badalt1-cert.pem -extfile cfg_exp061_cmd2.txt -CA ncca1-cert.pem -CAkey ncca1-key.pem -set_serial 2 -days 36525 -in req_exp061_cmd3.pem

// --------------------------------------------------------------------------------
// openssl log
// --------------------------------------------------------------------------------
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out badalt3-key.pem 
openssl x509 -req -sha256 -out badalt1-cert.pem -extfile /dev/fd/63 -CA ncca1-cert.pem -CAkey ncca1-key.pem -set_serial 2 -days 36525 

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt



subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
basicConstraints = CA:false

subjectAltName = @alts
[alts]
DNS.1 = www.good.org
DNS.2 = any.good.com
email.1 = other@good.org
email.2 = any@good.com
openssl req -new -sha256 -key badalt3-key.pem -config /dev/fd/63 

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt



string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
O = Bad NC Test Certificate 3

END

相关推荐
Humbunklung2 天前
VC++ 使用OpenSSL创建RSA密钥PEM文件
开发语言·c++·openssl
深耕AI1 个月前
Win64OpenSSL-3_5_2.exe【安装步骤】
openssl
看那山瞧那水1 个月前
DELPHI 利用OpenSSL实现加解密,证书(X.509)等功能
delphi·openssl
洋哥网络科技1 个月前
openssl升级
openssl
Lazy Dave2 个月前
gmssl私钥文件格式
网络安全·ssl·openssl
沉在嵌入式的鱼2 个月前
RK3588移植Openssl库
linux·rk3588·openssl
黑屋里的马2 个月前
ssl相关命令生成证书
服务器·网络·ssl·openssl·gmssl
fangeqin3 个月前
ubuntu源码安装python3.13遇到Could not build the ssl module!解决方法
linux·python·ubuntu·openssl
API开发3 个月前
苹果芯片macOS安装版Homebrew(亲测) ,一键安装node、python、vscode等,比绿色软件还干净、无污染
vscode·python·docker·nodejs·openssl·brew·homebrew
码农不惑3 个月前
Rust使用tokio(二)HTTPS相关
https·rust·web·openssl