OpenSSL X509V3扩展密钥用法 [英] Openssl x509v3 Extended Key Usage

问题描述

我知道您可以通过在 openssl.cfg 文件中添加如下一行来指定证书公用密钥的用途:

I know you can specify the purpose for which a certificate public key can be used for by adding a line like this one in the openssl.cfg file:

extendedKeyUsage=serverAuth,clientAuth

但是由于我要创建多个证书，每个证书具有不同的扩展密钥用法，是否可以在命令行中指定我需要哪个属性(不使用openssl.cfg文件)?像这样:

But since I have several certificates to create, each with a different extended key usage, is it possible to specify which attribute I need in the command line (without using the openssl.cfg file)? Something like:

openssl req -newkey rsa:4096 \
            -extendedKeyUsage "serverAuth,clientAuth" \
            -keyform PEM \
            -keyout server-key.pem \
            -out server-req.csr \
            -outform PEM

谢谢！

推荐答案

您只能使用以下内容:

openssl -extensions mysection -config myconfig.cnf

和myconfig.cnf:

and myconfig.cnf:

[mysection]
keyUsage         = digitalSignature
extendedKeyUsage = codeSigning

我不知道此功能的命令行界面.

I am not aware of command line interface to this functionality.

这篇关于OpenSSL X509V3扩展密钥用法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！