openssl3.2/test/certs - 075 - non-critical unknown extension

LostSpeed2024-01-27 14:43

文章目录

    • [openssl3.2/test/certs - 075 - non-critical unknown extension](#openssl3.2/test/certs - 075 - non-critical unknown extension)
    • 概述
    • 笔记
    • END

openssl3.2/test/certs - 075 - non-critical unknown extension

概述

openssl3.2 - 官方demo学习 - test - certs

笔记

bash 复制代码 
/*!
* \file D:\my_dev\my_local_git_prj\study\openSSL\test_certs\075\my_openssl_linux_doc_075.txt
* \note openssl3.2/test/certs - 075 - non-critical unknown extension
*/

// --------------------------------------------------------------------------------
// official bash script
// --------------------------------------------------------------------------------
#! /bin/bash

# \file setup075.sh

# openssl3.2/test/certs - 075 - non-critical unknown extension
./mkcert.sh geneeextra server.example ee-key ee-cert-noncrit-unknown-ext ca-key ca-cert "1.2.3.4=DER:05:00"

// --------------------------------------------------------------------------------
// openssl cmd line parse
// --------------------------------------------------------------------------------
// cmd 1
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out ee-key.pem 

// cmd 2
// cfg_exp075_cmd2.txt
string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = server.example

openssl req -new -sha256 -key ee-key.pem -config cfg_exp075_cmd2.txt -out req_exp075_cmd2.pem

// cmd 3
// cfg_ex075_cmd3.txt
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:false
extendedKeyUsage = serverAuth
subjectAltName = @alts
1.2.3.4=DER:05:00
[alts]
DNS=server.example

openssl x509 -req -sha256 -out ee-cert-noncrit-unknown-ext.pem -extfile cfg_ex075_cmd3.txt -CA ca-cert.pem -CAkey ca-key.pem -set_serial 2 -days 36525 -in req_exp075_cmd2.pem

// --------------------------------------------------------------------------------
// openssl log
// --------------------------------------------------------------------------------

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out ee-key.pem 
openssl req -new -sha256 -key ee-key.pem -config /dev/fd/63 

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt



string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = server.example
openssl x509 -req -sha256 -out ee-cert-noncrit-unknown-ext.pem -extfile /dev/fd/63 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 2 -days 36525 

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt



subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:false
extendedKeyUsage = serverAuth
subjectAltName = @alts
1.2.3.4=DER:05:00
[alts]
DNS=server.example

END

相关推荐
深耕AI6 天前
Win64OpenSSL-3_5_2.exe【安装步骤】
openssl
看那山瞧那水7 天前
DELPHI 利用OpenSSL实现加解密,证书(X.509)等功能
delphi·openssl
洋哥网络科技17 天前
openssl升级
openssl
Lazy Dave1 个月前
gmssl私钥文件格式
网络安全·ssl·openssl
沉在嵌入式的鱼2 个月前
RK3588移植Openssl库
linux·rk3588·openssl
黑屋里的马2 个月前
ssl相关命令生成证书
服务器·网络·ssl·openssl·gmssl
fangeqin2 个月前
ubuntu源码安装python3.13遇到Could not build the ssl module!解决方法
linux·python·ubuntu·openssl
API开发3 个月前
苹果芯片macOS安装版Homebrew(亲测) ,一键安装node、python、vscode等,比绿色软件还干净、无污染
vscode·python·docker·nodejs·openssl·brew·homebrew
码农不惑3 个月前
Rust使用tokio(二)HTTPS相关
https·rust·web·openssl
liulilittle3 个月前
通过高级处理器硬件指令集AES-NI实现AES-256-CFB算法并通过OPENSSL加密验证算法正确性。
linux·服务器·c++·算法·安全·加密·openssl
热门推荐
01UV安装并设置国内源022025 年高教社杯全国大学生数学建模竞赛C 题 NIPT 的时点选择与胎儿的异常判定 完整成品思路模型代码分享,全网首发高质量!!!032025年数学建模国赛C题超详细解题思路04A股预测还能更准?开源大模型Kronos带你跑通预测+回测全流程05不再让Windows更新!&Edge游戏助手卸载及关闭自动更新06KGG转MP3工具|非KGM文件|解密音频07UV 工具安装与国内镜像源配置指南08突破百度网盘的下载限速,两种方法教会你【超详细】09Linux下V2Ray安装配置指南10教你如何认证 Gemini 教育优惠的二次验证,薅个 1年的 Gemini Pro 会员