在命令中使用Openssl optionalCompanyName(可选公司名称) [英] Openssl optionalCompanyName (optional Company Name) in command

问题描述

我做了一个openssl命令，所以我可以使用脚本将其自动化.我通过访问不同的问题和站点来找到所有选项，但是找不到可选公司名称"的选项，我尝试了"optionalCompanyName"，但没有用.

I made one openssl command so I can automate it using scripting. I find all the options by visiting different questions and sites but could not find option for "An optional company name", I tried "optionalCompanyName" but it did not worked.

(/C) Country Name (2 letter code) [XX]:GB
(/ST) State or Province Name (full name) []:London
(/L) Locality Name (eg, city) [Default City]:London
(/O) Organization Name (eg, company) [Default Company Ltd]:XYZ
(/U) Organizational Unit Name (eg, section) []:XYZ
(/CN) Common Name (eg, your name or your server's hostname) []:- $DOMAIN
(/emailAddress) Email Address [] :- some@some.com
(/challengePassword) A challenge password :- strongpass
(/?) An optional company name []:PROBLEM

请帮助.

export domain=SOMEDOMAINNAME
openssl req -nodes -newkey rsa:2048 -keyout $domain.key -out $domain.csr -subj "/C=GB/ST=London/L=London/O=XYZ/OU=XYZ UK/CN=$domain/emailAddress=some@some.com/challengePassword=strongpass/optionalCompanyName=PROBLEM"

多行中使用相同的命令，因此易于阅读

Same command in multi line, so it is easy to read

export domain=SOMEDOMAINNAME
openssl req -nodes -newkey rsa:2048 -keyout $domain.key -out $domain.csr -subj  
"/C=GB/ST=London/L=London/O=XYZ/OU=XYZ UK/CN=$domain/emailAddress=some@some.com 
/challengePassword=strongpass/optionalCompanyName=PROBLEM"

访问链接

• https://www.shellhacks.com/create-csr-openssl-无提示非交互式/
• https://www.digicert.com/ssl -support/openssl-quick-reference-guide.htm
• https://www.openssl.org/docs/manmaster /man1/req.html#CONFIGURATION_FILE_FORMAT 和几个Stackoverflow问题

• https://www.shellhacks.com/create-csr-openssl-without-prompt-non-interactive/
• https://www.digicert.com/ssl-support/openssl-quick-reference-guide.htm
• https://www.openssl.org/docs/manmaster/man1/req.html#CONFIGURATION_FILE_FORMAT and few Stackoverflow questions

推荐答案

定义ITU X.520 .

没有定义可选公司名称"项.

There is no "optional company name" item defined.

我认为您所指的是组织名称"属性类型.这是用LDAP名称"O"定义的.

I think what you are referring to is the "Organization Name" attribute type. This is defined with the LDAP-NAME of "O".

在您的示例中:

"/C = GB/ST =伦敦/L =伦敦/O = XYZ/OU = XYZ UK/CN=$domain/emailAddress=some@some.com /challengePassword = strongpass/optionalCompanyName = PROBLEM"

"/C=GB/ST=London/L=London/O=XYZ/OU=XYZ UK/CN=$domain/emailAddress=some@some.com /challengePassword=strongpass/optionalCompanyName=PROBLEM"

它是"/O = XYZ"，因此组织"(或公司名称)为"XYZ".

It's the "/O=XYZ" so the "Organization" (or company name) is "XYZ".

更新:

经过一番阅读后，我看到了你来自哪里，因为我从没经历过这样的经历:

After some reading I see where you are coming from as I never some across this before:

可选的公司名称:"为" unstructuredName ".

"An optional company name:" is "unstructuredName".

"unstructuredName"和"challengePassword"仅是证书请求的一部分.因此，这不是主题的一部分.因此，您不应在主题行中使用"/challengePassword = strongpass".

"unstructuredName" and "challengePassword" is part of a certificate request only. So it's NOT part of the subject. So you shouldn't use "/challengePassword=strongpass" in your subject line.

您可以在默认的openssl.conf文件中看到它:

You can see this in a default openssl.conf file:

[ req ]
attributes      = req_attributes

[ req_attributes ]
challengePassword       = A challenge password
challengePassword_min       = 4
challengePassword_max       = 20
unstructuredName        = An optional company name

请求属性似乎被大多数CA所忽略.请参见OpenSSL 文档:

Req attributes look to be ignored by most CA's. See note in OpenSSL documentation:

属性

这指定包含任何请求的部分 属性:其格式与distinguished_name相同.通常 这些可能包含ChallengePassword或unstructuredName类型. 目前，OpenSSL的请求签名实用程序将忽略它们，但是 一些CA可能会想要它们.

this specifies the section containing any request attributes: its format is the same as distinguished_name. Typically these may contain the challengePassword or unstructuredName types. They are currently ignored by OpenSSL's request signing utilities but some CAs might want them.

当前，openssl没有提供任何从命令行设置请求属性的方法.因此，唯一的方法就是使用设置了这些属性的自定义conf文件.

Currently openssl does not provide any way to set req attrbutes from the command line. So the only way to do this is with a custom conf file with those attributes set.

如果需要执行此操作，我将创建一个conf文件，将提示设置为"no"，并使用-conf openssl参数.请注意，当您将提示设置为否"时，格式会有所变化.

If you need to do this, I would create a conf file with the prompt set to "no" and use the -conf openssl paramater. Please note that the format changes a little when you set prompt to "no".

由于无论如何都很可能会忽略req行为，所以我不会理会它们.

Since req atrributes are most likely ignored anyway, I would not bother setting them.

这篇关于在命令中使用Openssl optionalCompanyName(可选公司名称)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！