OpenSSL证书缺少密钥标识符 [英] OpenSSL certificate lacks key identifiers

问题描述

我如何添加这些部分到证书（我手动构建它使用C + +）。

How do i add these sections to certificate (i am manualy building it using C++).

    X509v3 Subject Key Identifier: 
        A4:F7:38:55:8D:35:1E:1D:4D:66:55:54:A5:BE:80:25:4A:F0:68:D0
    X509v3 Authority Key Identifier: 
        keyid:A4:F7:38:55:8D:35:1E:1D:4D:66:55:54:A5:BE:80:25:4A:F0:68:D0

Curently我的代码构建sertificate很好，除了那些键..：/

Curently my code builds sertificate well, except for those keys.. :/

static X509 * GenerateSigningCertificate(EVP_PKEY* pKey)
{
    X509 *x;
    x = X509_new(); //create x509 certificate

    X509_set_version(x, NID_X509);
    ASN1_INTEGER_set(X509_get_serialNumber(x), 0x00000000); //set serial number
    X509_gmtime_adj(X509_get_notBefore(x), 0);
    X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*365); //1 year
    X509_set_pubkey(x, pKey); //set pub key from just generated rsa

    X509_NAME *name;

    name = X509_get_subject_name(x);

    NAME_StringField(name, "C", "LV");
    NAME_StringField(name, "CN", "Point"); //common name
    NAME_StringField(name, "O", "Point"); //organization

    X509_set_subject_name(x, name); //save name fields to certificate
    X509_set_issuer_name(x, name); //save name fields to certificate

    X509_EXTENSION *ex;
    ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server");
    X509_add_ext(x,ex,-1);
    X509_EXTENSION_free(ex);

    ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_comment, "example comment extension");
    X509_add_ext(x, ex, -1);
    X509_EXTENSION_free(ex);

    ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name, "www.lol.lv");

    X509_add_ext(x, ex, -1);
    X509_EXTENSION_free(ex);

    ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, "critical,CA:TRUE");
    X509_add_ext(x, ex, -1);
    X509_EXTENSION_free(ex);

    X509_sign(x, pKey, EVP_sha1()); //sign x509 certificate
    return x;
}

推荐答案

找到解决方案 - 添加这些行到代码

Found solution - add these lines to code

ex = X509V3_EXT_conf_nid(NULL, NULL, NID_subject_key_identifier, "hash");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);

ex = X509V3_EXT_conf_nid(NULL, NULL, NID_authority_key_identifier, "keyid:always");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);

这篇关于OpenSSL证书缺少密钥标识符的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！