在命令中使用Openssl optionalCompanyName(可选公司名称) [英] Openssl optionalCompanyName (optional Company Name) in command
问题描述
我做了一个openssl命令,所以我可以使用脚本将其自动化.我通过访问不同的问题和站点来找到所有选项,但是找不到可选公司名称"的选项,我尝试了"optionalCompanyName",但没有用.
I made one openssl command so I can automate it using scripting. I find all the options by visiting different questions and sites but could not find option for "An optional company name", I tried "optionalCompanyName" but it did not worked.
(/C) Country Name (2 letter code) [XX]:GB
(/ST) State or Province Name (full name) []:London
(/L) Locality Name (eg, city) [Default City]:London
(/O) Organization Name (eg, company) [Default Company Ltd]:XYZ
(/U) Organizational Unit Name (eg, section) []:XYZ
(/CN) Common Name (eg, your name or your server's hostname) []:- $DOMAIN
(/emailAddress) Email Address [] :- some@some.com
(/challengePassword) A challenge password :- strongpass
(/?) An optional company name []:PROBLEM
请帮助.
export domain=SOMEDOMAINNAME
openssl req -nodes -newkey rsa:2048 -keyout $domain.key -out $domain.csr -subj "/C=GB/ST=London/L=London/O=XYZ/OU=XYZ UK/CN=$domain/emailAddress=some@some.com/challengePassword=strongpass/optionalCompanyName=PROBLEM"
多行中使用相同的命令,因此易于阅读
Same command in multi line, so it is easy to read
export domain=SOMEDOMAINNAME
openssl req -nodes -newkey rsa:2048 -keyout $domain.key -out $domain.csr -subj
"/C=GB/ST=London/L=London/O=XYZ/OU=XYZ UK/CN=$domain/emailAddress=some@some.com
/challengePassword=strongpass/optionalCompanyName=PROBLEM"
访问链接
- https://www.shellhacks.com/create-csr-openssl-无提示非交互式/
- https://www.digicert.com/ssl -support/openssl-quick-reference-guide.htm
- https://www.openssl.org/docs/manmaster /man1/req.html#CONFIGURATION_FILE_FORMAT 和几个Stackoverflow问题
- https://www.shellhacks.com/create-csr-openssl-without-prompt-non-interactive/
- https://www.digicert.com/ssl-support/openssl-quick-reference-guide.htm
- https://www.openssl.org/docs/manmaster/man1/req.html#CONFIGURATION_FILE_FORMAT and few Stackoverflow questions
推荐答案
没有定义可选公司名称"项.
There is no "optional company name" item defined.
我认为您所指的是组织名称"属性类型.这是用LDAP名称"O"定义的.
I think what you are referring to is the "Organization Name" attribute type. This is defined with the LDAP-NAME of "O".
在您的示例中:
"/C = GB/ST =伦敦/L =伦敦/O = XYZ/OU = XYZ UK/CN=$domain/emailAddress=some@some.com /challengePassword = strongpass/optionalCompanyName = PROBLEM"
"/C=GB/ST=London/L=London/O=XYZ/OU=XYZ UK/CN=$domain/emailAddress=some@some.com /challengePassword=strongpass/optionalCompanyName=PROBLEM"
它是"/O = XYZ",因此组织"(或公司名称)为"XYZ".
It's the "/O=XYZ" so the "Organization" (or company name) is "XYZ".
更新:
经过一番阅读后,我看到了你来自哪里,因为我从没经历过这样的经历:
After some reading I see where you are coming from as I never some across this before:
可选的公司名称:"为" unstructuredName ".
"An optional company name:" is "unstructuredName".
"unstructuredName"和"challengePassword"仅是证书请求的一部分.因此,这不是主题的一部分.因此,您不应在主题行中使用"/challengePassword = strongpass".
"unstructuredName" and "challengePassword" is part of a certificate request only. So it's NOT part of the subject. So you shouldn't use "/challengePassword=strongpass" in your subject line.
您可以在默认的openssl.conf文件中看到它:
You can see this in a default openssl.conf file:
[ req ]
attributes = req_attributes
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
请求属性似乎被大多数CA所忽略.请参见OpenSSL 文档:
Req attributes look to be ignored by most CA's. See note in OpenSSL documentation:
属性
这指定包含任何请求的部分 属性:其格式与distinguished_name相同.通常 这些可能包含ChallengePassword或unstructuredName类型. 目前,OpenSSL的请求签名实用程序将忽略它们,但是 一些CA可能会想要它们.
this specifies the section containing any request attributes: its format is the same as distinguished_name. Typically these may contain the challengePassword or unstructuredName types. They are currently ignored by OpenSSL's request signing utilities but some CAs might want them.
当前,openssl没有提供任何从命令行设置请求属性的方法.因此,唯一的方法就是使用设置了这些属性的自定义conf文件.
Currently openssl does not provide any way to set req attrbutes from the command line. So the only way to do this is with a custom conf file with those attributes set.
如果需要执行此操作,我将创建一个conf文件,将提示设置为"no",并使用-conf openssl参数.请注意,当您将提示设置为否"时,格式会有所变化.
If you need to do this, I would create a conf file with the prompt set to "no" and use the -conf openssl paramater. Please note that the format changes a little when you set prompt to "no".
由于无论如何都很可能会忽略req行为,所以我不会理会它们.
Since req atrributes are most likely ignored anyway, I would not bother setting them.
这篇关于在命令中使用Openssl optionalCompanyName(可选公司名称)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!