【发布时间】:2012-09-04 11:36:34
【问题描述】:
我正在使用 O'Reilly 的 SSL 书籍,其中使用了 openSSL 作为示例。
创建配置文件后:
[ ca ]
default_ca = mobileCA
[ mobileCA ]
dir = /users/crodgers/src/sds2mobile/Server/CA
certificate = $dir/cacert.pem
database = $dir/index.txt
new_certs_dir = $dir/certs
private_key = $dir/private/key.pem
serial = $dir/serial
default_crl_days = 7
default_days = 365
default_md = md5
policy = mobile_CA_policy
x509_extensions = certificate_extensions
[ mobileCA_policy ]
commonName = SDS/2 Mobile Certificate
stateOrProvinceName = Nebraska
countryName = US
emailAddress = designdatamobiledevelopment@gmail.com
organizationName = Design Data
[ certificate_extensions ]
basicConstraints = CA:false
[ req ]
default_bits = 2048
default_keyfile = /users/crodgers/src/sds2mobile/Server/CA/private/key.pem
default_md = md5
prompt = no
distinguished_name = root_ca_distinguished_name
x509_extensions = root_ca_extensions
[ root_ca_distinguished_name ]
commonName = Root Certificate
stateOrProvinceName = Nebraska
countryName = US
emailAddress = designdatamobiledevelopment@gmail.com
organizationName = Design Data
[ root_ca_extensions ]
basicConstraints = CA:true
指示用户输入以下命令:
openssl req -x509 -newkey rsa -out cacert.pem -outform PEM
这应该是创建一个自签名的根证书。
这个命令给了我 -help 输出。我假设命令中的某些内容不正确,但无法缩小范围。
目前在 Ubuntu 10.04 和 openSSL 0.9.8k 中工作
【问题讨论】:
标签: command-line openssl certificate pki