OpenSSL X509V3扩展密钥用法 [英] Openssl x509v3 Extended Key Usage
本文介绍了OpenSSL X509V3扩展密钥用法的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我知道您可以通过在 openssl.cfg 文件中添加如下一行来指定证书公用密钥的用途:
I know you can specify the purpose for which a certificate public key can be used for by adding a line like this one in the openssl.cfg file:
extendedKeyUsage=serverAuth,clientAuth
但是由于我要创建多个证书,每个证书具有不同的扩展密钥用法,是否可以在命令行中指定我需要哪个属性(不使用openssl.cfg文件)?像这样:
But since I have several certificates to create, each with a different extended key usage, is it possible to specify which attribute I need in the command line (without using the openssl.cfg file)? Something like:
openssl req -newkey rsa:4096 \
-extendedKeyUsage "serverAuth,clientAuth" \
-keyform PEM \
-keyout server-key.pem \
-out server-req.csr \
-outform PEM
谢谢!
推荐答案
您只能使用以下内容:
openssl -extensions mysection -config myconfig.cnf
和myconfig.cnf:
and myconfig.cnf:
[mysection]
keyUsage = digitalSignature
extendedKeyUsage = codeSigning
我不知道此功能的命令行界面.
I am not aware of command line interface to this functionality.
这篇关于OpenSSL X509V3扩展密钥用法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文