2017-05-24 86 views
1

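How can I create a certificate file that contains the 'Signature Algorithm' using the OpenSSL API

I created a self-signed certificate on my server, but I want to create the client certificate through program code rather than Linux commands. I used the OpenSSL API PEM_write_X509(fp, x509) to create the client.crt file, and the final result is: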

-----BEGIN CERTIFICATE----- 
-----END CERTIFICATE----- 

But the result I need is:

Certificate: 
    Data: 
     Version: 3 (0x2) 
     Serial Number: 3 (0x3) 
    Signature Algorithm: sha1WithRSAEncryption 
     Issuer: C=AA, ST=ab, L=abc, O=abc, OU=abc, CN=10.1.1.12/[email protected] 
     Validity 
      Not Before: May 11 09:10:17 2017 GMT 
      Not After : May 9 09:10:17 2027 GMT 
     Subject: C=AA, ST=ab, O=abc, OU=abc, CN=10.1.1.12 
     Subject Public Key Info: 
      Public Key Algorithm: rsaEncryption 
       Public-Key: (1024 bit) 
       Modulus: 
        00:d8:a8:90:fb:17:5c:15:29:b2:a5:40:b6:e4:65: 
        85:e1:54:ca:2c:1d:df:42:55:83:5a:b9:a0:89:95: 
        4e:87:3f:d9:53:a3:1f:10:08:4d:b4:d6:f4:e4:7f: 
        34:1a:b0:00:e8:b0:14:c3:07:7b:71:9b:a4:41:c2: 
        ae:69:00:cd:b1:0a:d9:3a:df:81:88:12:3e:29:f8: 
        16:ab:39:41:5c:47:86:56:82:ff:aa:3b:f5:c0:8b: 
        fe:39:91:ba:d8:4f:92:2d:c4:90:6d:53:fb:54:e6: 
        9e:3b:f3:46:57:91:ea:8c:60:d1:cc:c5:1d:85:44: 
        f6:39:7d:e8:a3:17:85:31:2b 
       Exponent: 65537 (0x10001) 
     X509v3 extensions: 
      X509v3 Basic Constraints: 
       CA:FALSE 
      Netscape Comment: 
       OpenSSL Generated Certificate 
      X509v3 Subject Key Identifier: 
       83:CE:90:B9:42:EE:A8:5C:0E:CB:BC:B7:8E:04:29:AD:3F:26:C9:1C 
      X509v3 Authority Key Identifier: 
       keyid:0C:66:C7:B1:CB:E0:28:36:C2:6C:A0:D4:D6:92:06:87:2E:EE:38:36 

    Signature Algorithm: sha1WithRSAEncryption 
     8b:e3:9b:31:37:75:6e:1a:43:7d:da:72:d8:39:e1:ff:d3:0c: 
     08:33:4a:3f:4d:f5:a1:0d:2b:9d:f4:79:78:e5:75:ae:09:f4: 
     60:76:e2:b1:8e:47:aa:67:3c:74:50:b1:4c:50:34:a6:71:db: 
     5e:e4:f8:b2:85:65:a0:a0:b1:00:0a:be:2a:4c:05:67:54:16: 
     f4:9f:49:1b:8a:50:a9:c0:26:2b:45:57:96:79:52:b9:28:3d: 
     1a:40:22:84:83:af:1a:32:87:a1:56:97:d8:50:09:f3:df:6e: 
     f2:e9:26:e3:3f:93:1b:88:d8:57:68:5b:31:16:40:4e:f9:5b: 
     6b:65:03:1d:5d:ee:a2:98:80:c0:7b:b1:a6:23:cc:44:f1:5e: 
     84:02:c1:c7:e9:da:bb:8a:01:a2:9e:fe:7e:5c:23:50:5e:a2: 
     e8:fe:ad:19:a3:8a:73:98:8d:2c:1e:f1:7d:e4:47:7d:ef:d4: 
     52:27:9c:05:1f:3a:1a:3c:f6:7a:5e:af:8f:0d:69:5e:3e:52: 
     4f:7e:65:ee:e6:f4:80:75:c4:3a:a7:50:4f:0f:34:25:ff:9d: 
     4f:34:8e:df:4e:df:26:b9:8e:ab:61:d5:f7:94:b3:dc:88:0f: 
     1f:58:48:5d:43:6f:44:13:16:b4:09:6e:9d:c1:e2:dd:4e:bf: 
     d5:ac:54:47 

-----BEGIN CERTIFICATE----- 
-----END CERTIFICATE----- 

What should I do? Which method in the OpenSSL API should I use?

Thanks

+0

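Which signature algorithm do you want to use? ***'CN = 10.1.1.12'*** is probably wrong. Hostnames always go in the *SAN*. If it is present in the *CN*, then it must be present in the *SAN* too (you have to list it twice in this case). For more rules and reasons, see [How do you sign a Certificate Signing Request with your Certification Authority](http://stackoverflow.com/a/21340898/608639) and [How to create a self-signed certificate with openssl?](http://stackoverflow.com/q/10175812/608639) You will also need to place the self-signed certificate in the appropriate trust store. – jww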

Answers

0

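You can use the function X509_print_ex(), which is made exactly for this purpose:

#include <openssl/pem.h>
#include <openssl/x509.h>

X509 *x509 = NULL;

/* Read a PEM-encoded certificate from stdin */
PEM_read_X509(stdin, &x509, NULL, NULL);
/* Print it in human-readable text form */
X509_print_ex_fp(stdout, x509, XN_FLAG_COMPAT, X509_FLAG_COMPAT);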
+0

Thanks, but how can I create the X509_name object, and what do these flags mean? –

+0

I gave you a complete example; there is no real manpage for it, so I removed the link – Ctx

+0

Thank you very much –
