[Network Management] Asking the experts: generating a certificate with an extensions section using openssl

Posted on 2007-05-08 21:18
[ req ]
default_bits = 2048
default_keyfile = /u01/ca/private/cakey.pem
default_md = md5
prompt = no
distinguished_name = root_ca_distinguished_name
extensions = v3_req
[ root_ca_distinguished_name ]
commonName = My Test extension
stateOrProvinceName = jilin
countryName = CN
emailAddress = redogs@sina.com.cn
organizationName = jlu
[ v3_req ]
subjectAltName=email:steve@here,email:steve@there
basicConstraints = CA:FALSE

This file is saved as ext.cnf
Generate the certificate request: openssl req -config ext.conf -newkey rsa:1024 -keyout key.pem -out req.pem
Below is the CA configuration
[ myca ]
dir = /u01/ca
certificate = $dir/cacert.pem
database = $dir/index.txt
new_certs_dir = $dir/certs
private_key = $dir/private/cakey.pem
serial = $dir/serial

copy_extensions = copy
default_crl_days= 7
default_days = 365
default_md = md5

policy = myca_policy
x509_extensions = certificate_extensions

[ myca_policy ]
commonName = supplied
stateOrProvinceName = supplied
countryName = supplied
emailAddress = supplied
organizationName= supplied
organizationalUnitName = optional

[ certificate_extensions ]
basicConstraints= CA:false

[ req ]
default_bits = 2048
default_keyfile = /u01/ca/private/cakey.pem
default_md = md5
prompt = no
distinguished_name = root_ca_distinguished_name
x509_extensions = root_ca_extensions
[ root_ca_distinguished_name ]
commonName = My Test CA
stateOrProvinceName = jilin
countryName = CN
emailAddress = redogs@sina.com.cn
organizationName = jlu
[ root_ca_extensions ]
basicConstraints = CA:true

CA signing:
openssl ca -config ../openssl.conf -in req.pem

Viewing the certificate contents, the extension part is missing
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10 (0xa)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: CN=My Test CA, ST=jilin, C=CN/emailAddress=redogs@sina.com.cn, O=jlu
        Validity
            Not Before: May  8 13:05:09 2007 GMT
            Not After : May  7 13:05:09 2008 GMT
        Subject: CN=My Test extension, ST=jilin, C=CN/emailAddress=redogs@sina.com.cn, O=jlu
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
            CA:FALSE
    Signature Algorithm: md5WithRSAEncryption

Could an expert please advise how to add an extensions section to the request so that it is still kept after the CA signs it?
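A check for the two settings that decide whether request extensions reach the signed certificate, as an added example that is not part of the original post: `openssl req` takes CSR extensions from the `req_extensions` key in `[ req ]`, and `openssl ca` copies them only when `copy_extensions` is `copy` or `copyall`. The function names and the abbreviated sample configs are constructed for illustration.

```python
import re

# Constructed sample: the request config from the post, abbreviated.
POSTED_REQ_CNF = """\
[ req ]
prompt = no
distinguished_name = root_ca_distinguished_name
extensions = v3_req
[ root_ca_distinguished_name ]
commonName = My Test extension
[ v3_req ]
subjectAltName=email:steve@here,email:steve@there
basicConstraints = CA:FALSE
"""
# Constructed sample: the CA section from the post, abbreviated.
POSTED_CA_CNF = """\
[ myca ]
copy_extensions = copy
"""

def parse_cnf(text):
    """Parse OpenSSL-style config text into {section: {key: value}}."""
    sections, current = {}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.fullmatch(r"\[\s*(\S+)\s*\]", line)   # "[ req ]" or "[req]"
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            sections.setdefault(current, {})[key] = value
    return sections

def check_request_extensions(req_text, ca_text, ca_section):
    """List reasons why CSR extensions would not appear in the issued cert."""
    findings = []
    req, ca = parse_cnf(req_text), parse_cnf(ca_text)
    req_sec = req.get("req", {})
    target = req_sec.get("req_extensions")
    if target is None:
        findings.append("[req] has no req_extensions: the CSR carries no extensions")
        if "extensions" in req_sec:
            findings.append("[req] 'extensions' is not the CSR key: rename it to req_extensions")
    elif target not in req:
        findings.append(f"req_extensions points to missing section [{target}]")
    if ca.get(ca_section, {}).get("copy_extensions", "none") not in ("copy", "copyall"):
        findings.append(f"[{ca_section}] copy_extensions is not copy/copyall: CSR extensions are dropped")
    return findings
```

Run against the posted files, `check_request_extensions(POSTED_REQ_CNF, POSTED_CA_CNF, "myca")` reports only the `[ req ]` findings; the CA side already has `copy_extensions = copy`.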