当前位置: 首页 > news >正文

openssl3.2/test/certs - 003 - genroot “Root CA“ root-key2 root-cert2

news 2025/7/7 20:09:38

文章目录

    • openssl3.2/test/certs - 003 - genroot "Root CA" root-key2 root-cert2
    • 概述
    • 笔记
    • END

openssl3.2/test/certs - 003 - genroot “Root CA” root-key2 root-cert2

概述

索引贴 => openssl3.2 - 官方demo学习 - test - certs

笔记

// openssl3.2/test/certs - 003 - genroot “Root CA” root-key2 root-cert2

// --------------------------------------------------------------------------------
// 官方原始脚本
// --------------------------------------------------------------------------------
./mkcert.sh genroot “Root CA” root-key2 root-cert2
./mkcert.sh genroot “Root Cert 2” root-key root-name2
DAYS=-1 ./mkcert.sh genroot “Root CA” root-key root-expired

// --------------------------------------------------------------------------------
// 根据截取的到命令行参数和管道中的配置内容, 修改后可以正常运行的命令行
// --------------------------------------------------------------------------------
cmd1:
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key2.pem
运行正常, 没有新知识点, 无需注解

cmd2:
配置文件为 config_cfg.txt
string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = Root CA

openssl req -new -sha256 -key root-key2.pem -config config_cfg.txt -out root-key2-cert_req.pem

cmd3:
配置文件为 extfile_cmd3_cfg.txt
basicConstraints = critical,CA:true
keyUsage = keyCertSign,cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid

openssl x509 -req -sha256 -out root-cert2.pem -extfile extfile_cmd3_cfg.txt -signkey root-key2.pem -set_serial 1 -days 36525 -in root-key2-cert_req.pem

cmd4:
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key.pem
运行正常, 没有新知识点, 无需注解

cmd5:
配置文件为 config_cmd5.txt
string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = Root Cert 2

openssl req -new -sha256 -key root-key.pem -config config_cmd5.txt -out root-key_req.pem

cmd6:
配置文件=extfile_cmd6.txt
basicConstraints = critical,CA:true
keyUsage = keyCertSign,cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid

openssl x509 -req -sha256 -out root-name2.pem -extfile extfile_cmd6.txt -signkey root-key.pem -set_serial 1 -days 36525 -in root-key_req.pem

cmd7:
配置文件=config_cmd7.txt
string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = Root CA

openssl req -new -sha256 -key root-key.pem -config config_cmd7.txt -out root-key_req.pem

cmd8:
config file = config_cmd8.txt
basicConstraints = critical,CA:true
keyUsage = keyCertSign,cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid

openssl x509 -req -sha256 -out root-expired.pem -extfile config_cmd8.txt -signkey root-key.pem -set_serial 1 -days -1 -in root-key_req.pem

// --------------------------------------------------------------------------------
// 在修改后的openssl入口处记录的原始日志
// --------------------------------------------------------------------------------
cmd1:
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key2.pem

cmd2:
openssl req -new -sha256 -key root-key2.pem -config /dev/fd/63

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = Root CA

cmd3:
openssl x509 -req -sha256 -out root-cert2.pem -extfile /dev/fd/63 -signkey root-key2.pem -set_serial 1 -days 36525

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

basicConstraints = critical,CA:true
keyUsage = keyCertSign,cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid

cmd4:
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key.pem

cmd5:
openssl req -new -sha256 -key root-key.pem -config /dev/fd/63

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = Root Cert 2

cmd6:
openssl x509 -req -sha256 -out root-name2.pem -extfile /dev/fd/63 -signkey root-key.pem -set_serial 1 -days 36525

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

basicConstraints = critical,CA:true
keyUsage = keyCertSign,cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid

cmd7:
openssl req -new -sha256 -key root-key.pem -config /dev/fd/63

-config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = Root CA

cmd8:
openssl x509 -req -sha256 -out root-expired.pem -extfile /dev/fd/63 -signkey root-key.pem -set_serial 1 -days -1

-extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt

basicConstraints = critical,CA:true
keyUsage = keyCertSign,cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid

END

http://www.lryc.cn/news/287569.html

相关文章:

  • npm install出错的各种情况
  • 【Docker】Docker学习⑤ - Docker数据管理
  • C/C++ - 编程语法特性
  • Backtrader 文档学习-Target Orders
  • QT发生弹出警告窗口
  • vue3使用特殊字符@、~代替路径src
  • Java中的HTTPS通信
  • 威联通QNAP NAS结合cpolar内网穿透实现公网远程访问NAS中存储的文件
  • Ubuntu上安装部署Qt
  • MySQL的`FOR UPDATE`详解
  • 计算机网络 第4章(网络层)
  • HDD的烦恼:HAMR会让SMR黯然失色吗?
  • linux安装docker(入门一)
  • Node.js中fs模块
  • google-webrtc 原理
  • uniapp 框架搭建及使用
  • 嵌入式软件工程师面试题——2025校招社招通用(计算机网络篇)(三十二)
  • 《WebKit 技术内幕》学习之十一(4):多媒体
  • k8s基础知识
  • Docker容器引擎(3)
  • 【Android12】Android Framework系列---Adb和PMS安装apk源码流程
  • web漏洞总结大全(基础)
  • 获取双异步返回值时,如何保证主线程不阻塞?
  • hosts文件修改后无法保存的解决办法
  • 源码篇--Redis 五种数据类型
  • Sulfo Cy2 Biotin,水溶性 Cy2 生物素,能够与各种氨基基团特异性结合
  • NineData支持制定安全、可靠的SQL开发规范
  • LSTM时间序列预测
  • Rocky8 顺利安装 Airflow 并解决数据库报错问题
  • [足式机器人]Part2 Dr. CAN学习笔记- 最优控制Optimal Control Ch07-3 线性二次型调节器(LQR)