OpenSSL证书缺少密钥标识符 [英] OpenSSL certificate lacks key identifiers
本文介绍了OpenSSL证书缺少密钥标识符的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我如何添加这些部分到证书(我手动构建它使用C + +)。
How do i add these sections to certificate (i am manualy building it using C++).
X509v3 Subject Key Identifier:
A4:F7:38:55:8D:35:1E:1D:4D:66:55:54:A5:BE:80:25:4A:F0:68:D0
X509v3 Authority Key Identifier:
keyid:A4:F7:38:55:8D:35:1E:1D:4D:66:55:54:A5:BE:80:25:4A:F0:68:D0
Curently我的代码构建sertificate很好,除了那些键..:/
Curently my code builds sertificate well, except for those keys.. :/
static X509 * GenerateSigningCertificate(EVP_PKEY* pKey)
{
X509 *x;
x = X509_new(); //create x509 certificate
X509_set_version(x, NID_X509);
ASN1_INTEGER_set(X509_get_serialNumber(x), 0x00000000); //set serial number
X509_gmtime_adj(X509_get_notBefore(x), 0);
X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*365); //1 year
X509_set_pubkey(x, pKey); //set pub key from just generated rsa
X509_NAME *name;
name = X509_get_subject_name(x);
NAME_StringField(name, "C", "LV");
NAME_StringField(name, "CN", "Point"); //common name
NAME_StringField(name, "O", "Point"); //organization
X509_set_subject_name(x, name); //save name fields to certificate
X509_set_issuer_name(x, name); //save name fields to certificate
X509_EXTENSION *ex;
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server");
X509_add_ext(x,ex,-1);
X509_EXTENSION_free(ex);
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_comment, "example comment extension");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name, "www.lol.lv");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, "critical,CA:TRUE");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
X509_sign(x, pKey, EVP_sha1()); //sign x509 certificate
return x;
}
推荐答案
找到解决方案 - 添加这些行到代码
Found solution - add these lines to code
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_subject_key_identifier, "hash");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_authority_key_identifier, "keyid:always");
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);
这篇关于OpenSSL证书缺少密钥标识符的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文