我在我的服务器上创建了自签名证书,但我想通过程序代码创建客户端证书,而不是 linux 命令。我使用openssl api PEM_write_X509(fp, x509) 创建一个client.crt 文件,最终结果是:
-----BEGIN CERTIFICATE-----
MIIDiDCCAnCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBqTELMAkGA1UEBhMCQ04x
DzANBgNVBAgMBmZ1amlhbjEPMA0GA1UEBwwGZnV6aG91MRcwFQYDVQQKDA5sYW5o
YWl0aWFud2FuZzEXMBUGA1UECwwObGFuaGFpdGlhbndhbmcxGjAYBgNVBAMMEWRh
dGEud2Fuc2hpcHMuY29tMSowKAYJKoZIhvcNAQkBFht3ZW5jaGVuZ0BsYW5oYWl0
aWFud2FuZy5jb20wHhcNMTcwNTExMDkxMDE3WhcNMjcwNTA5MDkxMDE3WjBsMQsw
CQYDVQQGEwJDTjEPMA0GA1UECAwGZnVqaWFuMRcwFQYDVQQKDA5sYW5oYWl0aWFu
d2FuZzEXMBUGA1UECwwObGFuaGFpdGlhbndhbmcxGjAYBgNVBAMMEWRhdGEud2Fu
c2hpcHMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYqJD7F1wVKbKl
QLbkZYXhVMosHd9CVYNauaCJlU6HP9lTox8QCE201vTkfzQasADosBTDB3txm6RB
wq5pAM2xCtk634GIEj4p+BarOUFcR4ZWgv+qO/XAi/45kbrYT5ItxJBtU/tU5p47
80ZXkeqMYNHMxR2FRPY5feijF4UxKwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCG
SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
FgQUg86QuULuqFwOy7y3jgQprT8myRwwHwYDVR0jBBgwFoAUDGbHscvgKDbCbKDU
1pIGhy7uODYwDQYJKoZIhvcNAQEFBQADggEBAIvjmzE3dW4aQ33actg54f/TDAgz
Sj9N9aENK530eXjlda4J9GB24rGOR6pnPHRQsUxQNKZx217k+LKFZaCgsQAKvipM
BWdUFvSfSRuKUKnAJitFV5Z5UrkoPRpAIoSDrxoyh6FWl9hQCfPfbvLpJuM/kxuI
2FdoWzEWQE75W2tlAx1d7qKYgMB7saYjzETxXoQCwcfp2ruKAaKe/n5cI1Beouj+
rRmjinOYjSwe8X3kR33v1FInnAUfOho89nper48NaV4+Uk9+Ze7m9IB1xDqnUE8P
NCX/nU80jt9O3ya5jqth1feUs9yIDx9YSF1Db0QTFrQJbp3B4t1Ov9WsVEc=
-----END CERTIFICATE-----
但我需要的效果是:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=AA, ST=ab, L=abc, O=abc, OU=abc, CN=10.1.1.12/emailAddress=aaaa@abc.com
Validity
Not Before: May 11 09:10:17 2017 GMT
Not After : May 9 09:10:17 2027 GMT
Subject: C=AA, ST=ab, O=abc, OU=abc, CN=10.1.1.12
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:d8:a8:90:fb:17:5c:15:29:b2:a5:40:b6:e4:65:
85:e1:54:ca:2c:1d:df:42:55:83:5a:b9:a0:89:95:
4e:87:3f:d9:53:a3:1f:10:08:4d:b4:d6:f4:e4:7f:
34:1a:b0:00:e8:b0:14:c3:07:7b:71:9b:a4:41:c2:
ae:69:00:cd:b1:0a:d9:3a:df:81:88:12:3e:29:f8:
16:ab:39:41:5c:47:86:56:82:ff:aa:3b:f5:c0:8b:
fe:39:91:ba:d8:4f:92:2d:c4:90:6d:53:fb:54:e6:
9e:3b:f3:46:57:91:ea:8c:60:d1:cc:c5:1d:85:44:
f6:39:7d:e8:a3:17:85:31:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
83:CE:90:B9:42:EE:A8:5C:0E:CB:BC:B7:8E:04:29:AD:3F:26:C9:1C
X509v3 Authority Key Identifier:
keyid:0C:66:C7:B1:CB:E0:28:36:C2:6C:A0:D4:D6:92:06:87:2E:EE:38:36
Signature Algorithm: sha1WithRSAEncryption
8b:e3:9b:31:37:75:6e:1a:43:7d:da:72:d8:39:e1:ff:d3:0c:
08:33:4a:3f:4d:f5:a1:0d:2b:9d:f4:79:78:e5:75:ae:09:f4:
60:76:e2:b1:8e:47:aa:67:3c:74:50:b1:4c:50:34:a6:71:db:
5e:e4:f8:b2:85:65:a0:a0:b1:00:0a:be:2a:4c:05:67:54:16:
f4:9f:49:1b:8a:50:a9:c0:26:2b:45:57:96:79:52:b9:28:3d:
1a:40:22:84:83:af:1a:32:87:a1:56:97:d8:50:09:f3:df:6e:
f2:e9:26:e3:3f:93:1b:88:d8:57:68:5b:31:16:40:4e:f9:5b:
6b:65:03:1d:5d:ee:a2:98:80:c0:7b:b1:a6:23:cc:44:f1:5e:
84:02:c1:c7:e9:da:bb:8a:01:a2:9e:fe:7e:5c:23:50:5e:a2:
e8:fe:ad:19:a3:8a:73:98:8d:2c:1e:f1:7d:e4:47:7d:ef:d4:
52:27:9c:05:1f:3a:1a:3c:f6:7a:5e:af:8f:0d:69:5e:3e:52:
4f:7e:65:ee:e6:f4:80:75:c4:3a:a7:50:4f:0f:34:25:ff:9d:
4f:34:8e:df:4e:df:26:b9:8e:ab:61:d5:f7:94:b3:dc:88:0f:
1f:58:48:5d:43:6f:44:13:16:b4:09:6e:9d:c1:e2:dd:4e:bf:
d5:ac:54:47
-----BEGIN CERTIFICATE-----
MIIDiDCCAnCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBqTELMAkGA1UEBhMCQ04x
DzANBgNVBAgMBmZ1amlhbjEPMA0GA1UEBwwGZnV6aG91MRcwFQYDVQQKDA5sYW5o
YWl0aWFud2FuZzEXMBUGA1UECwwObGFuaGFpdGlhbndhbmcxGjAYBgNVBAMMEWRh
dGEud2Fuc2hpcHMuY29tMSowKAYJKoZIhvcNAQkBFht3ZW5jaGVuZ0BsYW5oYWl0
aWFud2FuZy5jb20wHhcNMTcwNTExMDkxMDE3WhcNMjcwNTA5MDkxMDE3WjBsMQsw
CQYDVQQGEwJDTjEPMA0GA1UECAwGZnVqaWFuMRcwFQYDVQQKDA5sYW5oYWl0aWFu
d2FuZzEXMBUGA1UECwwObGFuaGFpdGlhbndhbmcxGjAYBgNVBAMMEWRhdGEud2Fu
c2hpcHMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYqJD7F1wVKbKl
QLbkZYXhVMosHd9CVYNauaCJlU6HP9lTox8QCE201vTkfzQasADosBTDB3txm6RB
wq5pAM2xCtk634GIEj4p+BarOUFcR4ZWgv+qO/XAi/45kbrYT5ItxJBtU/tU5p47
80ZXkeqMYNHMxR2FRPY5feijF4UxKwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCG
SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
FgQUg86QuULuqFwOy7y3jgQprT8myRwwHwYDVR0jBBgwFoAUDGbHscvgKDbCbKDU
1pIGhy7uODYwDQYJKoZIhvcNAQEFBQADggEBAIvjmzE3dW4aQ33actg54f/TDAgz
Sj9N9aENK530eXjlda4J9GB24rGOR6pnPHRQsUxQNKZx217k+LKFZaCgsQAKvipM
BWdUFvSfSRuKUKnAJitFV5Z5UrkoPRpAIoSDrxoyh6FWl9hQCfPfbvLpJuM/kxuI
2FdoWzEWQE75W2tlAx1d7qKYgMB7saYjzETxXoQCwcfp2ruKAaKe/n5cI1Beouj+
rRmjinOYjSwe8X3kR33v1FInnAUfOho89nper48NaV4+Uk9+Ze7m9IB1xDqnUE8P
NCX/nU80jt9O3ya5jqth1feUs9yIDx9YSF1Db0QTFrQJbp3B4t1Ov9WsVEc=
-----END CERTIFICATE-----
我该怎么做?我应该在 OpenSSL API 中使用什么方法?
谢谢
最佳答案
您可以使用专为此目的设计的函数 X509_print_ex():
X509 *x509 = NULL;
RSA *rsa = NULL;
PEM_read_X509(stdin, &x509, NULL, NULL);
x509_print_ex_fp(stdout, x509, XN_FLAG_COMPAT, XN_FLAG_COMPAT);
关于c - 我如何创建一个包含 'Signature Algorithm' 的证书文件使用 openssl api,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44155498/