input_password和output_password分别提供了默认的输入私钥保护口令和输出私钥保护口令。 string_mask选项则是设定了证书请求的信息字段的字符串类型。 distinguished_name,attributes,x509_extensions和req_extensions的值域都是字段名,指定了包含相应信息的字段名字。事实上,与证书请求相关的配置文件选项远远不止这些,如表所示...
distinguished_name = req_distinguished_name string_mask = utf8only # SHA-1 is deprecated, so use SHA-2 instead. default_md = sha256 # Extension to add when the -x509 option is used. x509_extensions = v3_ca [ req_distinguished_name ] # See <https://en.wikipedia.org/wiki/Certificate_...
# utf8only: 只使用 UTF8 字符串。推荐使用这个,这样可以完美的包含任意字符。 # nombstr : 包含了 PrintableString, T61String 两种类型(不使用 BMPStrings 或 UTF8String 两种多字节字符类型) string_mask = nombstr # 如果设为yes,那么不管是命令行还是配置文件中的字符串都将按照UTF-8编码看待。默认值no...
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). # MASK:XXXX a literal mask value. # WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. string_mask = utf8only # req_extensions = v3_req # The extensions to add to a certificate request [ r...
string_mask= utf8only #default, pkix, utf8only, nombstr [ req_distinguished_name ] C= CN ST= SH L= Shanghai O= AwesomeCompany 1.OU= Dept.DEV 2.OU= SSL Group 1.CN= mytest 2.CN= mysite emailAddress= ssl@test.com 需要带扩展项 ...
string_mask=utf8only # SHA-1is deprecated, so use SHA-2instead. default_md=sha256 # Extension to add when the-x509 option is used. #makesure use x509_extensions,donot use req_extensions. x509_extensions=v3_ca # use the req_extensions not work. ...
string_mask = utf8only default_md = sha256 x509_extensions = v3_ca [ req_distinguished_name ] countryName = AB stateOrProvinceName = CD localityName = EF_GH organizationName = myorg organizationalUnitName = myorgunit commonName = mycn ...
OpenSSL常用命令 OpenSSL常⽤命令 查看证书 openssl x509 -in cacert.pem -text -noout # PEM openssl x509 -in cacert.der -inform der -text -noout # DER (distinguished encoding rule)查看私钥 openssl rsa -in cakey.pem -text -noout # PEM openssl rsa -in cakey.der -inform der -text -...
vi /etc/pki/tls/openssl.cnf End add CipherString = DEFAULT@SECLEVEL=0 HOME = . oid_section = new_oids [ new_oids ] tsa_policy1 = 1.2.3.4.1 tsa_policy2 = 1.2.3.4.5.6 tsa_policy3 = 1.2.3.4.5.7 [ ca ] default_ca = CA_default # The default ca section [ CA_default ] dir ...
ASN1_STRING_set_default_mask_asc 1856 1_1_0 EXIST::FUNCTION: X509_CRL_new 1857 1_1_0 EXIST::FUNCTION: i2b_PrivateKey_bio 1858 1_1_0 EXIST::FUNCTION:DSA ASN1_STRING_length_set 1859 1_1_0 EXIST::FUNCTION: PEM_write_PKCS8 1860 1_1_0 EXIST::FUNCTION:STDIO PKCS7_digest_...