索引贴 openssl3.2 - 官方demo学习 - test - certs
–官方原始脚本
openssl3.2/test/certs - 002 -
root cert variants: CA:false, key2, DN2, expired root cert variants: CA:false, key2, DN2, expired
./mkcert.sh genss “Root CA” root-key root-nonca
–得到的原始命令行
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key.pem
openssl req -new -sha256 -key root-key.pem -config /dev/fd/63
openssl x509 -req -sha256 -out root-nonca.pem -extfile /dev/fd/63 -signkey root-key.pem -set_serial 1 -days 36525
–从管道保存下来的配置文件
–config_param.txt
string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = Root CA
–extfile_param.txt
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:false
extendedKeyUsage = serverAuth
subjectAltName = @alts
[alts]
DNS=Root CA
–自己修改的命令行
–cmd 001
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out root-key.pem
命令行含义:
产生私钥, 算法为rsa, 私钥位数2048, 输出为root-key.pem
-cmd 002
openssl req -new -sha256 -key root-key.pem -config config_param.txt -out root_req.pem
命令行含义:
生成新的证书请求文件, 摘要算法为sha256, 私钥文件=root-key.pem, 配置文件=config_param.txt,
输出文件=root_req.pem
-cmd 003
openssl x509 -req -sha256 -out root-nonca.pem -extfile extfile_param.txt -signkey root-key.pem -set_serial 1 -days 36525 -in root_req.pem
命令行含义:
生成证书(x509请求), 摘要算法=sha256, 输出文件=root-nonca.pem, 扩展文件=extfile_param.txt
签名私钥=root-key.pem, 证书序列号=1, 证书有效期(天)=36525
证书请求文件=root_req.pem