当前位置: 首页 > news >正文

openssl3.2/test/certs - 074 - CT entry

news 来源:原创 2024/5/18 19:13:57

文章目录

    • openssl3.2/test/certs - 074 - CT entry
    • 概述
    • 笔记
    • setup074.sh
    • setup074_sc1.sh
    • setup074_sc2.sh
    • setup074_sc3.sh
    • END

openssl3.2/test/certs - 074 - CT entry

概述

openssl3.2 - 官方demo学习 - test - certs

笔记

setup074.sh

#! /bin/bash# \file setup074.sh# openssl3.2/test/certs - 074 - CT entry# sc1
openssl -v
./mkcert.sh genct server.example embeddedSCTs1-key embeddedSCTs1 embeddedSCTs1_issuer-key embeddedSCTs1_issuer ct-server-key# sc2
openssl -v
OPENSSL_SIGALG= OPENSSL_KEYALG=ed448 ./mkcert.sh genroot "Root Ed448" root-ed448-key root-ed448-cert# sc3
openssl -v
OPENSSL_SIGALG=ED448 OPENSSL_KEYALG=ed448 ./mkcert.sh genee ed448 server-ed448-key server-ed448-cert root-ed448-key root-ed448-cert

官方脚本报错, 分为3个小脚本做实验

setup074_sc1.sh

/*!
* \file D:\my_dev\my_local_git_prj\study\openSSL\test_certs\074\my_openssl_linux_doc_074_sc1.txt
* \note 
*/// --------------------------------------------------------------------------------
// official bash script
// --------------------------------------------------------------------------------
#! /bin/bash# \file setup074.sh# openssl3.2/test/certs - 074 - CT entry# sc1
openssl -v
./mkcert.sh genct server.example embeddedSCTs1-key embeddedSCTs1 embeddedSCTs1_issuer-key embeddedSCTs1_issuer ct-server-key// --------------------------------------------------------------------------------
// openssl cmd line parse
// --------------------------------------------------------------------------------
// cmd 1
// cfg_exp074_sc1_cmd1.txt
string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = server.exampleopenssl req -new -sha256 -key embeddedSCTs1-key.pem -config cfg_exp074_sc1_cmd1.txt -out req_exp074_sc1_cmd1.pem// cmd 2
// cfg_exp074_sc1_cmd2.txt
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:false
extendedKeyUsage = serverAuth
1.3.6.1.4.1.11129.2.4.3 = critical,ASN1:NULL
subjectAltName = @alts
[alts]
DNS=server.example// ok
openssl x509 -req -sha256 -out embeddedSCTs1.pem -extfile cfg_exp074_sc1_cmd2.txt -CA embeddedSCTs1_issuer.pem -CAkey embeddedSCTs1_issuer-key.pem -set_serial 2 -days 36525 -in req_exp074_sc1_cmd1.pem// cmd 3
// cfg_exp074_sc1_cmd3.txt
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:false
extendedKeyUsage = serverAuth
1.3.6.1.4.1.11129.2.4.2 = ASN1:FORMAT:HEX,OCT:00780076subjectAltName = @alts
DNS=server.example
[alts]// err
openssl x509 -req -sha256 -out embeddedSCTs1.pem -extfile cfg_exp074_sc1_cmd3.txt -CA embeddedSCTs1_issuer.pem -CAkey embeddedSCTs1_issuer-key.pem -set_serial 2 -days 36525 -in req_exp074_sc1_cmd1.pem报错如下:
Error checking extension section default
88140400:error:07800066:common libcrypto routines:hexstr2buf_sep:illegal hex digit:crypto\o_str.c:158:
88140400:error:068000B2:asn1 encoding routines:asn1_str2type:illegal hex:crypto\asn1\asn1_gen.c:696:string=00780076subjectAltName = @alts
88140400:error:11000074:X509 V3 routines:v3_generic_extension:extension value error:crypto\x509\v3_conf.c:260:value=FORMAT:HEX,OCT:00780076subjectAltName = @alts原因 [alts]节中是空的, 没写内容// --------------------------------------------------------------------------------
// openssl log
// --------------------------------------------------------------------------------openssl -v 
openssl req -new -sha256 -key embeddedSCTs1-key.pem -config /dev/fd/63 -config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txtstring_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = server.example
openssl x509 -req -sha256 -out embeddedSCTs1.pem -extfile /dev/fd/63 -CA embeddedSCTs1_issuer.pem -CAkey embeddedSCTs1_issuer-key.pem -set_serial 2 -days 36525 -extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txtsubjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:false
extendedKeyUsage = serverAuth
1.3.6.1.4.1.11129.2.4.3 = critical,ASN1:NULL
subjectAltName = @alts
[alts]
DNS=server.example
openssl x509 -req -sha256 -out embeddedSCTs1.pem -extfile /dev/fd/63 -CA embeddedSCTs1_issuer.pem -CAkey embeddedSCTs1_issuer-key.pem -set_serial 2 -days 36525 -extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txtsubjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:false
extendedKeyUsage = serverAuth
1.3.6.1.4.1.11129.2.4.2 = ASN1:FORMAT:HEX,OCT:00780076subjectAltName = @alts
DNS=server.example
[alts]

setup074_sc2.sh

/*!
* \file D:\my_dev\my_local_git_prj\study\openSSL\test_certs\074\my_openssl_linux_doc_074_sc2.txt
* \note 
*/// --------------------------------------------------------------------------------
// official bash script
// --------------------------------------------------------------------------------
#! /bin/bash# \file setup074.sh# openssl3.2/test/certs - 074 - CT entry# sc2
openssl -v
OPENSSL_SIGALG= OPENSSL_KEYALG=ed448 ./mkcert.sh genroot "Root Ed448" root-ed448-key root-ed448-cert// --------------------------------------------------------------------------------
// openssl cmd line parse
// --------------------------------------------------------------------------------
// cmd 1
openssl genpkey -algorithm ed448 -out root-ed448-key.pem // cmd 2
// cfg_exp074_sc2_cmd2.txt
string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = Root Ed448openssl req -new -sha256 -key root-ed448-key.pem -config cfg_exp074_sc2_cmd2.txt -out req_exp074_sc2_cmd2.pem// cmd 3
// cfg_exp074_sc2_cmd3.txt
basicConstraints = critical,CA:true
keyUsage = keyCertSign,cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyidopenssl x509 -req -sha256 -out root-ed448-cert.pem -extfile cfg_exp074_sc2_cmd3.txt -signkey root-ed448-key.pem -set_serial 1 -days 36525 -in req_exp074_sc2_cmd2.pem// --------------------------------------------------------------------------------
// openssl log
// --------------------------------------------------------------------------------
openssl genpkey -algorithm ed448 -out root-ed448-key.pem 
openssl req -new -sha256 -key root-ed448-key.pem -config /dev/fd/63 -config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txtstring_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = Root Ed448
openssl x509 -req -sha256 -out root-ed448-cert.pem -extfile /dev/fd/63 -signkey root-ed448-key.pem -set_serial 1 -days 36525 -extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txtbasicConstraints = critical,CA:true
keyUsage = keyCertSign,cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid

setup074_sc3.sh

/*!
* \file D:\my_dev\my_local_git_prj\study\openSSL\test_certs\074\my_openssl_linux_doc_074_sc3.txt
* \note 
*/// --------------------------------------------------------------------------------
// official bash script
// --------------------------------------------------------------------------------
#! /bin/bash# \file setup074.sh# openssl3.2/test/certs - 074 - CT entry# sc3
openssl -v
OPENSSL_SIGALG=ED448 OPENSSL_KEYALG=ed448 ./mkcert.sh genee ed448 server-ed448-key server-ed448-cert root-ed448-key root-ed448-cert// --------------------------------------------------------------------------------
// openssl cmd line parse
// --------------------------------------------------------------------------------
// cmd 1
openssl genpkey -algorithm ed448 -out server-ed448-key.pem // cmd 2
// cfg_exp074_sc3_cmd2.txt
string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = ed448// 这里只生成了一个证书请求, 这是干啥?
openssl req -new -ED448 -key server-ed448-key.pem -config cfg_exp074_sc3_cmd2.txt// 报错 : req: Unknown option or message digest: ED448
// 官方脚本单独运行, 是看不到任何报错信息的.// --------------------------------------------------------------------------------
// openssl log
// --------------------------------------------------------------------------------
openssl genpkey -algorithm ed448 -out server-ed448-key.pem 
openssl req -new -ED448 -key server-ed448-key.pem -config /dev/fd/63 -config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txtstring_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = ed448

END

相关文章:

  • Spring MVC 基本知识
  • 【Docker】Docker学习⑨ - 单机编排之Docker Compose
  • 嵌入式学习第十三天
  • 林浩然的Java奇幻之旅:编码舞蹈、编程精灵与IDE仙境
  • ###C语言程序设计-----C语言学习(6)#
  • 【运维】Ubuntu18.04系统docker方式安装ElasticSearch和kibana
  • Linux CPU 负载说明
  • 在linux、window环境搭建kafka环境
  • C语言——O / 动态内存管理
  • 实习记录——第五天
  • 一些反序列化总结
  • C语言指针进阶之三——函数指针、函数指针数组、指向函数指针数组的指针
  • kali系统入侵电脑windows(win11系统)渗透测试,骇入电脑教学
  • diff命令详解
  • PalWorld/幻兽帕鲁Ubuntu 22.04 LTS 一键部署脚本
  • -------------------- 第二讲-------- 第一节------在此给出链表的基本操作
  • express.js的介绍及使用
  • ubuntu 下nginx安装 并支持https协议
  • vue的全局变量和全局拦截请求器
  • Xmanager 远程桌面 CentOS 7
  • 从tcpdump抓包看TCP/IP协议
  • 动手做个聊天室,前端工程师百无聊赖的人生
  • 前端面试之闭包
  • 前言-如何学习区块链
  • 实习面试笔记
  • 通过获取异步加载JS文件进度实现一个canvas环形loading图
  • 原创:新手布局福音!微信小程序使用flex的一些基础样式属性(一)
  • 【运维趟坑回忆录】vpc迁移 - 吃螃蟹之路
  • ionic入门之数据绑定显示-1
  • # Maven错误Error executing Maven
  • #、%和$符号在OGNL表达式中经常出现
  • #DBA杂记1
  • %3cscript放入php,跟bWAPP学WEB安全(PHP代码)--XSS跨站脚本攻击
  • (27)4.8 习题课
  • (7)STL算法之交换赋值
  • (DenseNet)Densely Connected Convolutional Networks--Gao Huang
  • (done) NLP “bag-of-words“ 方法 (带有二元分类和多元分类两个例子)词袋模型、BoW
  • (js)循环条件满足时终止循环
  • **PHP分步表单提交思路(分页表单提交)
  • ./indexer: error while loading shared libraries: libmysqlclient.so.18: cannot open shared object fil
  • .gitignore
  • .NET 4 并行(多核)“.NET研究”编程系列之二 从Task开始
  • .net 程序发生了一个不可捕获的异常
  • .NET/C# 使用反射注册事件
  • .NET框架类在ASP.NET中的使用(2) ——QA
  • .NET连接MongoDB数据库实例教程
  • /usr/local/nginx/logs/nginx.pid failed (2: No such file or directory)
  • @ 代码随想录算法训练营第8周(C语言)|Day57(动态规划)
  • @Autowired标签与 @Resource标签 的区别
  • [ Linux ] git工具的基本使用(仓库的构建,提交)
  • [ vulhub漏洞复现篇 ] Hadoop-yarn-RPC 未授权访问漏洞复现
  • [ 蓝桥杯Web真题 ]-Markdown 文档解析
  • [Android]竖直滑动选择器WheelView的实现
  • [Angular 基础] - 指令(directives)
  • [c]扫雷