openssl3.2/test/certs - 061 - other@good.org not permitted by CA1

文章目录

openssl3.2/test/certs - 061 - other@good.org not permitted by CA1

概述

openssl3.2 - 官方demo学习 - test - certs

笔记

bash 复制代码
/*!
* \file D:\my_dev\my_local_git_prj\study\openSSL\test_certs\061\my_openssl_linux_doc_061.txt
* \note openssl3.2/test/certs - 061 - other@good.org not permitted by CA1
*/

// --------------------------------------------------------------------------------
// official bash script
// --------------------------------------------------------------------------------
#! /bin/bash

# \file setup061.sh

# openssl3.2/test/certs - 061 - other@good.org not permitted by CA1

./mkcert.sh req badalt3-key "O = Bad NC Test Certificate 3" | \
    ./mkcert.sh geneealt badalt3-key badalt1-cert ncca1-key ncca1-cert \
    "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
    "email.1 = other@good.org" "email.2 = any@good.com"

// --------------------------------------------------------------------------------
// openssl cmd line parse
// --------------------------------------------------------------------------------
// cmd 1
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out badalt3-key.pem 

// cmd 3
// cfg_exp061_cmd3.txt
string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
O = Bad NC Test Certificate 3

openssl req -new -sha256 -key badalt3-key.pem -config cfg_exp061_cmd3.txt -out req_exp061_cmd3.pem

// cmd 2
// cfg_exp061_cmd2.txt
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
basicConstraints = CA:false

subjectAltName = @alts
[alts]
DNS.1 = www.good.org
DNS.2 = any.good.com
email.1 = other@good.org
email.2 = any@good.com

openssl x509 -req -sha256 -out badalt1-cert.pem -extfile cfg_exp061_cmd2.txt -CA ncca1-cert.pem -CAkey ncca1-key.pem -set_serial 2 -days 36525 -in req_exp061_cmd3.pem

// --------------------------------------------------------------------------------
// openssl log
// --------------------------------------------------------------------------------
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out badalt3-key.pem 
openssl x509 -req -sha256 -out badalt1-cert.pem -extfile /dev/fd/63 -CA ncca1-cert.pem -CAkey ncca1-key.pem -set_serial 2 -days 36525 

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt



subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
basicConstraints = CA:false

subjectAltName = @alts
[alts]
DNS.1 = www.good.org
DNS.2 = any.good.com
email.1 = other@good.org
email.2 = any@good.com
openssl req -new -sha256 -key badalt3-key.pem -config /dev/fd/63 

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt



string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
O = Bad NC Test Certificate 3

END

相关推荐
coder4_15 天前
OpenSSL 加密算法与证书管理全解析:从基础到私有 CA 实战
https·openssl·ssl/tls·加密算法·ca证书
王小义笔记22 天前
windows电脑如何执行openssl rand命令
windows·openssl
Humbunklung25 天前
VC++ 使用OpenSSL创建RSA密钥PEM文件
开发语言·c++·openssl
深耕AI2 个月前
Win64OpenSSL-3_5_2.exe【安装步骤】
openssl
看那山瞧那水2 个月前
DELPHI 利用OpenSSL实现加解密,证书(X.509)等功能
delphi·openssl
洋哥网络科技2 个月前
openssl升级
openssl
Lazy Dave3 个月前
gmssl私钥文件格式
网络安全·ssl·openssl
沉在嵌入式的鱼3 个月前
RK3588移植Openssl库
linux·rk3588·openssl
黑屋里的马3 个月前
ssl相关命令生成证书
服务器·网络·ssl·openssl·gmssl
fangeqin4 个月前
ubuntu源码安装python3.13遇到Could not build the ssl module!解决方法
linux·python·ubuntu·openssl