openssl3.2/test/certs - 075 - non-critical unknown extension

LostSpeed2024-01-27 14:43

文章目录

    • [openssl3.2/test/certs - 075 - non-critical unknown extension](#openssl3.2/test/certs - 075 - non-critical unknown extension)
    • 概述
    • 笔记
    • END

openssl3.2/test/certs - 075 - non-critical unknown extension

概述

openssl3.2 - 官方demo学习 - test - certs

笔记

bash 复制代码 
/*!
* \file D:\my_dev\my_local_git_prj\study\openSSL\test_certs\075\my_openssl_linux_doc_075.txt
* \note openssl3.2/test/certs - 075 - non-critical unknown extension
*/

// --------------------------------------------------------------------------------
// official bash script
// --------------------------------------------------------------------------------
#! /bin/bash

# \file setup075.sh

# openssl3.2/test/certs - 075 - non-critical unknown extension
./mkcert.sh geneeextra server.example ee-key ee-cert-noncrit-unknown-ext ca-key ca-cert "1.2.3.4=DER:05:00"

// --------------------------------------------------------------------------------
// openssl cmd line parse
// --------------------------------------------------------------------------------
// cmd 1
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out ee-key.pem 

// cmd 2
// cfg_exp075_cmd2.txt
string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = server.example

openssl req -new -sha256 -key ee-key.pem -config cfg_exp075_cmd2.txt -out req_exp075_cmd2.pem

// cmd 3
// cfg_ex075_cmd3.txt
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:false
extendedKeyUsage = serverAuth
subjectAltName = @alts
1.2.3.4=DER:05:00
[alts]
DNS=server.example

openssl x509 -req -sha256 -out ee-cert-noncrit-unknown-ext.pem -extfile cfg_ex075_cmd3.txt -CA ca-cert.pem -CAkey ca-key.pem -set_serial 2 -days 36525 -in req_exp075_cmd2.pem

// --------------------------------------------------------------------------------
// openssl log
// --------------------------------------------------------------------------------

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out ee-key.pem 
openssl req -new -sha256 -key ee-key.pem -config /dev/fd/63 

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt



string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = server.example
openssl x509 -req -sha256 -out ee-cert-noncrit-unknown-ext.pem -extfile /dev/fd/63 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 2 -days 36525 

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt



subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:false
extendedKeyUsage = serverAuth
subjectAltName = @alts
1.2.3.4=DER:05:00
[alts]
DNS=server.example

END

相关推荐
许野平9 天前
OpenSSL:生成 DER 格式的 RSA 密钥对
服务器·网络·openssl·rsa·pem·der
Xnah_10 天前
ubuntu 20.4 安装 openssl 3.x
ubuntu·openssl
redwingz15 天前
openssl签名报错
openssl·random
Anlige25 天前
PHP实现OPENSSL的EVP_BytesToKey
开发语言·php·openssl·evp
cooldream20091 个月前
升级 OpenSSL 的详细步骤(解决 SSH 漏洞的前提)
运维·ssh·openssl
年薪丰厚1 个月前
如何手动安装libcrypto.so.10和libssl.so.10这两个库?
openssl·libcrypto.so.10·libssl.so.10
恋喵大鲤鱼2 个月前
openssl(1) command
openssl
pzs02212 个月前
openssl的使用
openssl
小亦小亦_空中接力2 个月前
openssl+keepalived安装部署
openssl·keepalived
摸鱼手会滑2 个月前
源码编译安装python3.12没有ssl模块,python3.12 ModuleNotFoundError: No module named ‘_ssl‘
ssl·openssl·python3
热门推荐
01【HarmonyOS】HUAWEI DevEco Studio 下载地址汇总02(欧拉)openEuler系统添加网卡文件配置流程、(欧拉)openEuler系统手动配置ipv6地址流程、(欧拉)openEuler系统网络管理说明03组基轨迹建模 GBTM的介绍与实现(Stata 或 R)04【AIGC】重塑未来的科技巨轮05全面解析:构建基于深度学习的安全帽检测系统(UI界面+YOLO代码+数据集)06【经验分享】Ubuntu22.04安装微信(linux官方版)07基于YOLOv10深度学习的CT扫描图像肾结石智能检测系统【python源码+Pyqt5界面+数据集+训练代码】深度学习实战、目标检测08Ubuntu 20.04使用Livox mid 360 测试 FAST_LIO09RAG 实践- Ollama+RagFlow 部署本地知识库10红米手机使用google play