Putting extensions in a certificate in OpenSSL


Problem description


I need to put extensions in a certificate like the one in the picture. I tried many ways, but I cannot.

I'm running:

"#openssl req -new  -keyout $nomerepre.key -out $nomerepre.csr -passin pass:$senha -config myconfig.cnf"

"#openssl x509 -req  -days 365  -in $nomerepre.csr -CA ca.crt -CAkey ca.key -set_serial 10102014 -out $nomerepre.crt -passin pass:$senha -extfile myconfig.cnf  -extensions v3_req"


My configuration file is below:
myconfigssl.conf

oid_section = OIDs

[ req ]
default_bits = 2048
prompt = no
encrypt_key = no
default_md = sha1
distinguished_name = dn
req_extensions = v3_req

[ OIDs ]
MyOID=2.16.76.1.3.4



[ dn ]
CN = John Smith
emailAddress = john.smith@quovadisglobal.com
O = QuoVadis Group
C = US



[v3_req]
1.2.3.4.5.6.7.8=ASN1:UTF8String:Something
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
#subjectAltName = @alt_names

[alt_names]
MyOID = 00000000111111111112222222222233333333333444444
2.16.76.1.3.4 = 00000000111111111112222222222233333333333444444

Unfortunately, this is the result I am getting:

Solution

I don't understand why you got no extensions as shown in EG2Oa.jpg. You should have extension 1.2.3.4.5.6.7.8 there. SubjectAltName is commented so it should not be in the certificate.

I tried using xca, which uses OpenSSL 1.0.2d, as shown in the picture

I used this config

# if it should be a separate extension
2.16.76.1.3.4=ASN1:UTF8String:Some random data

# if it should be a part of subjectAltName
subjectAltName=@subject_alt_section

[subject_alt_section]
otherName=2.16.76.1.3.4;UTF8:Some random data

And I got this certificate


Now some theory. I don't know where this extension should be placed: whether it is a separate extension or whether it should be a part of SubjectAltName. I don't know if the extension should be a UTF8String or OctetString or a Sequence of something.

If you want a separate extension you can use 2.16.76.1.3.4=ASN1:UTF8String:Some random data as you already tried. More on arbitrary extensions can be found here.

This extension can be part of subjectAltName according to the description of the OID. The definition of otherName can be found in RFC 5280, section 4.2.1.6. If so, then this config worked for me

subjectAltName=@subject_alt_section

[subject_alt_section]
otherName=2.16.76.1.3.4;UTF8:Some random data

Using the above-mentioned config, I got the certificate structure shown in the picture below. ASN1Editor was used to show the structure.
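An added example, not part of the original question or answer: a shell script that issues a throwaway test certificate carrying OID 2.16.76.1.3.4 in both forms the answer describes (a separate extension and a subjectAltName otherName), then checks the result with `openssl x509 -text`. The test CA, the file names, the use of sha256 instead of the question's sha1, and the helper functions `issue_cert` and `cert_has` are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): issue a test certificate carrying
# OID 2.16.76.1.3.4 both as its own extension and as a subjectAltName otherName.
set -eu

issue_cert() {   # $1 = empty working directory
    d=$1
    # One config serves "req -config" and "x509 -extfile", as in the question.
    cat > "$d/test.cnf" <<'EOF'
[ req ]
default_bits = 2048
prompt = no
encrypt_key = no
default_md = sha256
distinguished_name = dn
req_extensions = v3_req

[ dn ]
CN = John Smith

[ v3_req ]
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
2.16.76.1.3.4 = ASN1:UTF8String:Some random data
subjectAltName = @subject_alt_section

[ subject_alt_section ]
otherName = 2.16.76.1.3.4;UTF8:Some random data
EOF
    # Throwaway CA, constructed for the example; its key is unencrypted.
    openssl req -x509 -new -config "$d/test.cnf" -subj "/CN=Example Test CA" \
        -days 1 -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -new -config "$d/test.cnf" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    # "x509 -req" takes extensions from -extfile/-extensions, not from the CSR.
    openssl x509 -req -days 1 -sha256 -in "$d/leaf.csr" -CA "$d/ca.crt" \
        -CAkey "$d/ca.key" -set_serial 10102014 -out "$d/leaf.crt" \
        -extfile "$d/test.cnf" -extensions v3_req 2>/dev/null
}

# Print 1 if the certificate's text dump contains the pattern, else 0.
cert_has() {     # $1 = certificate file, $2 = case-insensitive grep pattern
    if openssl x509 -in "$1" -noout -text | grep -qi -- "$2"; then
        echo 1
    else
        echo 0
    fi
}
```

If `cert_has` reports 0 for the OID, check that the section name passed to `-extensions` exists in the file passed to `-extfile`.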
