如何使用OpenSSL生成X509证书的所有权证明? [英] How to generate a proof of possesion for a X509 certificate using OpenSSL?

问题描述

我需要生成拥有证明，并用我的私钥签署验证码.

I need to generate a proof of possession, signing a verification code with my private key.

在堆栈溢出中，我没有找到与此相关的问题，也没有在Internet上找到任何参考.我正在关注此教程，但我想使用OpenSSL.

I did not find a question related to this, here in Stack Overflow, and I am not finding some reference on Internet. I am following this tutorial, but I want to use OpenSSL.

我的验证码与X509证书相关，例如:

My verification code is related to a X509 certificate, like this:

7A69A4702DA903A41C3A5BC5575A8E3F49BEC5E5BA2D4CE1

推荐答案

我在Azure支持团队中得到了答案.

I got the answer with the Azure support team.

我已经有了用以下命令生成的根密钥和X509证书:

I already had my root key and X509 cert, generated with the following command:

openssl req -x509 -newkey rsa:2048 -keyout root_private.pem -nodes -out root_cert.pem

然后，我需要生成验证证书...

Then, I needed to generate the verification cert...

• 创建验证码:

• Create verification key:

openssl genrsa -out verification.key 2048

创建验证证书:

Create the verification cert:

openssl req -new -key verification.key -out verification.csr

创建验证证书时，我需要将获得的验证码(7A69A4702DA903A41C3A5BC5575A8E3F49BEC5E5BA2D4CE1)指定为"公用名"证书字段.

When creating the verification cert, I need to specify the verification code obtained (7A69A4702DA903A41C3A5BC5575A8E3F49BEC5E5BA2D4CE1) as the "Common Name" certificate field.

现在，只需使用以下命令创建拥有证明证书:

Now, just create the proof of possession certificate with the following command:

openssl x509 -req -in verification.csr -CA root_cert.pem -CAkey root_private.pem -CAcreateserial -out verificationCert.pem -days 1024 -sha256

如果我没记错的话，最后一条命令使用根私钥对verification.csr进行签名，该verification.csr的验证码为 Common Name .最后，verificationCert.pem可用作拥有权证明.

If I am not wrong, this last command signs the verification.csr, that has the verification code as the Common Name, with the root private key. At the end, the verificationCert.pem can be used as the proof of possession.

这篇关于如何使用OpenSSL生成X509证书的所有权证明?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！