如何使用OpenSSL生成X509证书的所有权证明? [英] How to generate a proof of possesion for a X509 certificate using OpenSSL?
问题描述
我需要生成拥有证明,并用我的私钥签署验证码.
I need to generate a proof of possession, signing a verification code with my private key.
在堆栈溢出中,我没有找到与此相关的问题,也没有在Internet上找到任何参考.我正在关注此教程,但我想使用OpenSSL.
I did not find a question related to this, here in Stack Overflow, and I am not finding some reference on Internet. I am following this tutorial, but I want to use OpenSSL.
我的验证码与X509证书相关,例如:
My verification code is related to a X509 certificate, like this:
7A69A4702DA903A41C3A5BC5575A8E3F49BEC5E5BA2D4CE1
推荐答案
我在Azure支持团队中得到了答案.
I got the answer with the Azure support team.
我已经有了用以下命令生成的根密钥和X509证书:
I already had my root key and X509 cert, generated with the following command:
openssl req -x509 -newkey rsa:2048 -keyout root_private.pem -nodes -out root_cert.pem
然后,我需要生成验证证书...
Then, I needed to generate the verification cert...
-
创建验证码:
Create verification key:
openssl genrsa -out verification.key 2048
创建验证证书:
Create the verification cert:
openssl req -new -key verification.key -out verification.csr
创建验证证书时,我需要将获得的验证码(7A69A4702DA903A41C3A5BC5575A8E3F49BEC5E5BA2D4CE1
)指定为"公用名"证书字段.
When creating the verification cert, I need to specify the verification code obtained (7A69A4702DA903A41C3A5BC5575A8E3F49BEC5E5BA2D4CE1
) as the "Common Name" certificate field.
现在,只需使用以下命令创建拥有证明证书:
Now, just create the proof of possession certificate with the following command:
openssl x509 -req -in verification.csr -CA root_cert.pem -CAkey root_private.pem -CAcreateserial -out verificationCert.pem -days 1024 -sha256
如果我没记错的话,最后一条命令使用根私钥对verification.csr
进行签名,该verification.csr
的验证码为 Common Name .最后,verificationCert.pem
可用作拥有权证明.
If I am not wrong, this last command signs the verification.csr
, that has the verification code as the Common Name, with the root private key. At the end, the verificationCert.pem
can be used as the proof of possession.
这篇关于如何使用OpenSSL生成X509证书的所有权证明?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!