string_mask = utf8only default_md = sha256 x509_extensions = v3_ca [ req_distinguished_name ] countryName = AB stateOrProvinceName = CD localityName = EF_GH organizationName = myorg organizationalUnitName = myorgunit commonName = mycn emailAddress = myemail@example.com [ v3_ca ] subjec...
[req]prompt=nodefault_md=sha256distinguished_name=dnreq_extensions=req_ext[dn]CN=example.com[req...
$ openssl x509 -req -days 365 \ -in test.csr -out test.pem \ -CA ca.pem -CAkey ca.key -CAcreateserial \ -extensions SAN \ -extfile <(cat /etc/pki/tls/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:*.server.example.com,DNS:*.example.com")) 4.3 验证证书的SAN值 $ openssl ...
openssl x509-req -inemqx.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out emqx.pem -days3650-sha256 -extensions v3_req -extfile openssl.cnf 客户端证书: openssl genrsa-out client.key2048openssl req-new -key client.key -out client.csr -subj"/C=CN/ST=GuangDong/O=EMQX/CN=Client"ope...
确保req下存在以下2行(默认第一行是有的,第2行被注释了) [ req ]distinguished_name = req_distinguished_namereq_extensions = v3_req v3_req节点示例如下: [ v3_req ]# 在证书请求中添加扩展# 作为最终证书,不能用此证书作为中间证书 具体表现为在查看证书中"基本约束"为 Subject Type=End EntitybasicConst...
[ v3_req ]# Extensions to add to a certificate requestbasicConstraints = CA:FALSEkeyUsage = nonRepudiation, digitalSignature, keyEnciphermentsubjectAltName = @alt_names 新增alt_names,注意括号前后的空格,DNS.x 的数量可以自己加 [ alt_names ]DNS.1 = abc.example.comDNS.2 = dfe.example.orgDNS....
openssl req -new -days 3650 -key keys/secondCA.key -out keys/secondCA.csr openssl ca -extensions v3_ca -in keys/secondCA.csr -config /etc/pki/tls/openssl.cnf -days 3650 -out keys/secondCA.crt -cert keys/RootCA.crt -keyfile keys/RootCA.key ...
openssl req -new -key emqx.key -config openssl.cnf -out emqx.csr openssl x509 -req -in emqx.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out emqx.pem -days 3650 -sha256 -extensions v3_req -extfile openssl.cnf 客户端证书:
Create the server configuration file, by editing~/myCA/exampleserver.cnfwith your favorite text editor. Add this example content: ## exampleserver.cnf#[ req ]prompt = nodistinguished_name = server_distinguished_namereq_extensions = v3_req[ server_distinguished_name ]commonName = tradeshowhell.com...
There is a testsuite in gdm3 doing this: openssl req -batch -new -nodes \ -passin pass:random-intermediate-CA-password-18641 \ -config /tmp/sssd-softhsm2-OuDCps/test-intermediate-CA.config \ -key /tmp/sssd-softhsm2-OuDCps/test-intermedia...