Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
b6df360b
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
大约 1 年 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
b6df360b
编写于
6月 01, 2011
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Simple automated certificate creation demo.
上级
e7ee10d3
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
91 addition
and
0 deletion
+91
-0
demos/certs/README
demos/certs/README
+9
-0
demos/certs/ca.cnf
demos/certs/ca.cnf
+57
-0
demos/certs/mkcerts.sh
demos/certs/mkcerts.sh
+25
-0
未找到文件。
demos/certs/README
0 → 100644
浏览文件 @
b6df360b
There is often a need to generate test certificates automatically using
a script. This is often a cause for confusion which can result in incorrect
CA certificates, obsolete V1 certificates or duplicate serial numbers.
The range of command line options can be daunting for a beginner.
This is a simple example of how to generate certificates automatically
using scripts. Example creates a root CA, a server certificate signed by
the root, an intermediate CA signed by the root and finally a client
certificate signed by the intermediate CA.
demos/certs/ca.cnf
0 → 100644
浏览文件 @
b6df360b
#
# OpenSSL example configuration file for automated certificate creation.
#
# This definition stops the following lines choking if HOME or CN
# is undefined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
CN = "Not Defined"
####################################################################
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
# Don't prompt for fields: use those in section directly
prompt = no
distinguished_name = req_distinguished_name
x509_extensions = v3_ca # The extentions to add to the self signed cert
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = UK
organizationName = OpenSSL Group
# Take CN from environment so it can come from a script.
commonName = $ENV::CN
[ usr_cert ]
# These extensions are added when 'ca' signs a request for an end entity
# certificate
basicConstraints=critical, CA:FALSE
keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always
basicConstraints = critical,CA:true
keyUsage = critical, cRLSign, keyCertSign
demos/certs/mkcerts.sh
0 → 100644
浏览文件 @
b6df360b
#!/bin/sh
OPENSSL
=
openssl
# Root CA: create certificate directly
CN
=
"Test Root CA"
$OPENSSL
req
-config
ca.cnf
-x509
-nodes
\
-keyout
root.pem
-out
root.pem
-newkey
rsa:2048
-days
3650
# Server certificate: create request first
CN
=
"Test Server Cert"
$OPENSSL
req
-config
ca.cnf
-nodes
\
-keyout
skey.pem
-out
req.pem
-newkey
rsa:1024
# Sign request: end entity extensions
$OPENSSL
x509
-req
-in
req.pem
-CA
root.pem
-days
3600
\
-extfile
ca.cnf
-extensions
usr_cert
-CAcreateserial
-out
server.pem
# Intermediate CA: request first
CN
=
"Test Intermediate CA"
$OPENSSL
req
-config
ca.cnf
-nodes
\
-keyout
intkey.pem
-out
intreq.pem
-newkey
rsa:2048
# Sign request: CA extensions
$OPENSSL
x509
-req
-in
intreq.pem
-CA
root.pem
-days
3600
\
-extfile
ca.cnf
-extensions
v3_ca
-CAcreateserial
-out
intca.pem
# Client certificate: request first
CN
=
"Test Client Cert"
$OPENSSL
req
-config
ca.cnf
-nodes
\
-keyout
ckey.pem
-out
creq.pem
-newkey
rsa:1024
# Sign using intermediate CA
$OPENSSL
x509
-req
-in
creq.pem
-CA
intca.pem
-CAkey
intkey.pem
-days
3600
\
-extfile
ca.cnf
-extensions
usr_cert
-CAcreateserial
-out
client.pem
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录