openssl3.2/test/certs – 002 – root cert variants: CA:false, key2, DN2, expired

文章目录

    • openssl3.2/test/certs - 002 - root cert variants: CA:false, key2, DN2, expired
    • 概述
    • 笔记
    • END

openssl3.2/test/certs - 002 - root cert variants: CA:false, key2, DN2, expired

概述

索引贴 openssl3.2 - 官方demo学习 - test - certs

笔记

–官方原始脚本
openssl3.2/test/certs - 002 -
root cert variants: CA:false, key2, DN2, expired root cert variants: CA:false, key2, DN2, expired

./mkcert.sh genss “Root CA” root-key root-nonca

–得到的原始命令行
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key.pem
openssl req -new -sha256 -key root-key.pem -config /dev/fd/63
openssl x509 -req -sha256 -out root-nonca.pem -extfile /dev/fd/63 -signkey root-key.pem -set_serial 1 -days 36525

–从管道保存下来的配置文件

–config_param.txt

string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = Root CA

–extfile_param.txt

subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:false
extendedKeyUsage = serverAuth
subjectAltName = @alts
[alts]
DNS=Root CA

–自己修改的命令行
–cmd 001
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key.pem
命令行含义:
产生私钥, 算法为rsa, 私钥位数2048, 输出为root-key.pem

-cmd 002
openssl req -new -sha256 -key root-key.pem -config config_param.txt -out root_req.pem
命令行含义:
生成新的证书请求文件, 摘要算法为sha256, 私钥文件=root-key.pem, 配置文件=config_param.txt,
输出文件=root_req.pem

-cmd 003
openssl x509 -req -sha256 -out root-nonca.pem -extfile extfile_param.txt -signkey root-key.pem -set_serial 1 -days 36525 -in root_req.pem
命令行含义:
生成证书(x509请求), 摘要算法=sha256, 输出文件=root-nonca.pem, 扩展文件=extfile_param.txt
签名私钥=root-key.pem, 证书序列号=1, 证书有效期(天)=36525
证书请求文件=root_req.pem

END