to be sent with your certificate request A challenge password []: An optional company name []: kevin@kevin-TM1701:~/gaoshi/zzxia-CA-openssl$ kevin@kevin-TM1701:~/gaoshi/zzxia-CA-openssl$ openssl ca -in from_user_csr/${DOMAIN}.csr -out to_user_crt/${DOMAIN}.crt -extensions v3_req ...
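Steps: generate the CA private key (.key) --> generate the CA certificate request (.csr) --> self-sign to obtain the root certificate (.crt) (the certificate the CA issues to itself). # Generate CA private key --->ca.key openssl genrsa -out ca.key 2048 # Generate CSR --->ca.csr openssl req -new -key ca.key -out ca.csr # Generate Self Signed certificate(CA root certificate...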
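-sha256 -extensions v3_ca -out certs/ca.cert.pem \ -config root_CA.cnf The command above specifies that we issue a public-key certificate for the CA root private key created earlier. The certificate is valid for 10 years and uses the SHA-256 algorithm to generate the message digest. Because this is a CA certificate, the command must also specify the v3_ca extension; the extension's detailed configuration is already set in the root_CA.cnf file, using -confi...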
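openssl ca -revoke /etc/pki/CA/newcerts/03.pem Update the certificate revocation list openssl ca -gencrl -out /etc/pki/CA/crl/crl.pem 9. Certificate revocation list (CRL) A certificate revocation list (CRL) is a structured data file in a PKI system that contains the serial numbers of the certificates the certificate authority (CA) has revoked, together with their revocation dates.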
(2) The organizationName field needed to be the same in the CA certificate (xxx) and the request (yyy) 1. Change organizationName so that the two match 2. Edit /etc/pki/tls/openssl.cnf and change the value of organizationName from match to optional. organizationName=supplied
Use the OpenSSL tool to generate a CA certificate and sign the certificate request file. The configuration procedure is as follows: Procedure Prepare the OpenSSL environment. Prepare a Linux-based device where the OpenSSL tool is installed. (Generally, ...
All done. Use the following command to view the certificate: openssl x509 -in certificate.pem -text -noout Reference links: How can I generate a self-signed certificate with SubjectAltName using OpenSSL; Generating a self-signed certificate with SubjectAltName using OpenSSL
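-newkey dsa:file generate a new DSA key, parameters taken from CA in 'file' (generates a new key; DSA means the DSA algorithm is used to encrypt the key, and bits is the key length) -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4) (uses a message digest algorithm, generally used for digital signatures) ...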
certificate = $dir/cacert.pem # The CA certificate # must be generated (root certificate) serial = $dir/serial # The current serial number crl = $dir/crl.pem # The current CRL # private_key = $dir/private/cakey.pem # The private key # must be generated (root private key) ...
export PASSWORD="password" export USERNAME=$(hostnamectl --static) # Generate a private key openssl genrsa -out "${USERNAME}Key.pem" 2048 # Generate a CSR (Certificate Sign Request) openssl req -new -key "${USERNAME}Key.pem" -out "${USERNAME}Req.pem" -subj "/CN=${USERNAME}" # ...