How to format an OID Subject Alt Name entry in an openssl.cnf file
Problem description
I need to add the following SAN to a certificate:
oid:1.2.3.4.5.5
My normal certificate creation process is to generate an openssl.cnf file, then using this file generate a csr (certificate signing request), and then generate a certificate from the csr using my own CA.
The .cnf file is a plain text file which contains a section describing all the SANs that I would like included in the csr and eventually the crt. That section looks like this:
...
[san]
DNS.1 = foo.bar
DNS.2 = baz.foobar
IP.1 = 1.1.1.1
IP.2 = 2.2.2.2
...
I have tried inserting the OID entry 3 different ways:
attempt 1) OID.1 = 1.2.3.4.5.5
attempt 2) DNS.3 = 1.2.3.4.5.5
attempt 3) IP.3 = 1.2.3.4.5.5
With 1) I get an error when trying to generate the certificate, indicating that the prefix OID is unrecognized. With 2) and 3) I am able to generate the crt, but when I put it in place the SAN oid:1.2.3.4.5.5 is not supported.
So, I am wondering what the correct syntax would be for adding such an entry to the Subject Alternative Names section of an openssl.cnf file.
Cheers!
Recommended answer
Based on Steffen Ullrich's answer, this version correctly specifies the OID identifier in a complete example:
subjectAltName=@san
[san]
DNS.1=foo.example.com
DNS.2=bar.example.com
RID.1=1.2.3.4.5.5
Or, in a single line:
subjectAltName=DNS:foo.example.com,DNS:bar.example.com,RID:1.2.3.4.5.5
This is particularly useful when combined with https://security.stackexchange.com/a/91556 to pass -config options to the CLI without using a .cnf file.
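The answer's RID syntax run through the questioner's cnf, CSR, CA-signed certificate flow, as an added example that is not part of the original answer. The throwaway CA, the file names and the `v3_req` section name are assumptions; the extension section is applied again at signing time because `openssl x509 -req` does not copy CSR extensions by default.

```shell
#!/bin/sh
# Added example: issue a cert with a registeredID SAN and print its SAN line.
# The CA, file names and section names are constructed sample values.

make_rid_cert() {
    dir=$(mktemp -d) || return 1

    # Request config: the OID entry uses the RID prefix inside [san].
    cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
req_extensions     = v3_req
prompt             = no

[dn]
CN = foo.example.com

[v3_req]
subjectAltName = @san

[san]
DNS.1 = foo.example.com
DNS.2 = bar.example.com
RID.1 = 1.2.3.4.5.5
EOF

    # Throwaway self-signed CA, valid for one day (example only).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/req.cnf" \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1

    # Leaf key and CSR generated from the config above.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/req.cnf" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1

    # Sign with the CA; -extfile/-extensions re-apply the SAN section,
    # otherwise the issued certificate would carry no SAN at all.
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -extfile "$dir/req.cnf" -extensions v3_req \
        -out "$dir/leaf.crt" 2>/dev/null || return 1

    # The line following the extension header lists the SAN entries.
    san=$(openssl x509 -in "$dir/leaf.crt" -noout -text |
          grep -A1 'Subject Alternative Name' | tail -n 1)
    rm -rf "$dir"
    printf '%s\n' "$san"
}
```

In the text output OpenSSL labels the entry `Registered ID:`, not `RID:` or `oid:`, so that is the string to look for when checking an issued certificate.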