文章目录
-
- openssl3.2/test/certs - 002 - root cert variants: CA:false, key2, DN2, expired
- 概述
- 笔记
- END
openssl3.2/test/certs - 002 - root cert variants: CA:false, key2, DN2, expired
概述
索引贴 openssl3.2 - 官方demo学习 - test - certs
笔记
–官方原始脚本
openssl3.2/test/certs - 002 -
root cert variants: CA:false, key2, DN2, expired root cert variants: CA:false, key2, DN2, expired
./mkcert.sh genss “Root CA” root-key root-nonca
–得到的原始命令行
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key.pem
openssl req -new -sha256 -key root-key.pem -config /dev/fd/63
openssl x509 -req -sha256 -out root-nonca.pem -extfile /dev/fd/63 -signkey root-key.pem -set_serial 1 -days 36525
–从管道保存下来的配置文件
–config_param.txt
string_mask=utf8only [req] prompt = no distinguished_name = dn [dn] CN = Root CA
–extfile_param.txt
subjectKeyIdentifier = hash authorityKeyIdentifier = keyid, issuer basicConstraints = CA:false extendedKeyUsage = serverAuth subjectAltName = @alts [alts] DNS=Root CA
–自己修改的命令行
–cmd 001
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key.pem
命令行含义:
产生私钥, 算法为rsa, 私钥位数2048, 输出为root-key.pem
-cmd 002
openssl req -new -sha256 -key root-key.pem -config config_param.txt -out root_req.pem
命令行含义:
生成新的证书请求文件, 摘要算法为sha256, 私钥文件=root-key.pem, 配置文件=config_param.txt,
输出文件=root_req.pem
-cmd 003
openssl x509 -req -sha256 -out root-nonca.pem -extfile extfile_param.txt -signkey root-key.pem -set_serial 1 -days 36525 -in root_req.pem
命令行含义:
生成证书(x509请求), 摘要算法=sha256, 输出文件=root-nonca.pem, 扩展文件=extfile_param.txt
签名私钥=root-key.pem, 证书序列号=1, 证书有效期(天)=36525
证书请求文件=root_req.pem