openssl一套证书-配置文件和证书签发

dn-param 和 extend 配置文件

CA的dn-param 和 extend

CA的dn-param 和 extend

CI-csr.cnf 的内容如下:

#openssl x509 extfile params
extensions = extend
# This prevent the user to be prompted for values
prompt = no

distinguished_name = dn-param
[dn-param] # DN fields
CN = GSMA Test CI
OU = TESTCERT
O = RSPTEST
C = IT

# Extensions for the Test CI 
[extend] # openssl extensions
subjectKeyIdentifier = hash

basicConstraints = critical, CA:true

certificatePolicies=critical,2.23.146.1.2.1.0

keyUsage =critical, keyCertSign, cRLSign

subjectAltName = RID:2.999.1

crlDistributionPoints=URI:http://ci.test.gsma.com/CRL-A.crl, URI:http://ci.test.gsma.com/CRL-B.crl

EUM

EUM的dn-param 

EUM-csr.cnf 内容如下:

# openssl EMU certificate request configuration file

[req] 
prompt = no

distinguished_name = dn-name
[dn-name] 

countryName		= DE
organizationName	= RSP Test EUM
commonName		= EUM Test 

EUM的 extend

EUM-ext.cnf内容如下:


# openssl EUM certificate creation configuration file
# 2017-01-31

authorityKeyIdentifier=keyid, issuer
subjectKeyIdentifier=hash
keyUsage=critical, keyCertSign
certificatePolicies=critical,2.23.146.1.2.1.2   #OID id-rspRole-eum
subjectAltName=RID:2.999.5
basicConstraints=critical,CA:TRUE, pathlen:0
crlDistributionPoints=URI:http://ci.test.gsma.com/CRL-B.crl

nameConstraints=critical,DER:30:32:A0:30:30:2E:A4:2C:30:2A:31:15:30:13:06:03:55:04:0A:0C:0C:52:53:50:20:54:65:73:74:20:45:55:4D:31:11:30:0F:06:03:55:04:05:13:08:38:39:30:34:39:30:33:32


AUTH

dp auth的dn-param 

DSauth-csr.cnf:

#openssl x509 extfile params
extensions = extend
# This prevent the user to be prompted for values
prompt = no

distinguished_name = dn-param
[dn-param] # DN fields
O = ACME
CN = TEST SM-DP+

[extend] # openssl extensions

dp auth的extend

DSauth-ext.cnf:

# openssl x509 extfile params
extensions = extend
# This prevent the user to be prompted for values
prompt = no

[extend] # openssl extensions
authorityKeyIdentifier=keyid,issuer

subjectKeyIdentifier=hash

subjectAltName = RID:2.999.10

keyUsage =critical, digitalSignature

certificatePolicies=critical,2.23.146.1.2.1.4

crlDistributionPoints=URI:http://ci.test.gsma.com/CRL-A.crl, URI:http://ci.test.gsma.com/CRL-B.crl

TLS

TLS的dn-param 

CERT_S_SM_DP_TLS.csr.cnf:

[ req ]
prompt              = no
distinguished_name  = req_distinguished_name

[ req_distinguished_name ]
O       = myo

# shall be aligned with SGP.23 value #TEST_DP_ADDRESS1
CN      = xxx.xxx.com

TLS的extend

CERT_S_SM_DP_TLS.ext.cnf

######################################################################################################################################################################
# Extensions for a DPTLS
keyUsage = critical, digitalSignature
extendedKeyUsage = critical, serverAuth, clientAuth
certificatePolicies = 2.23.146.1.2.1.3
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer

# RID shall be aligend with SGP.23 value SM-DP+OID 
# DNS name shall be aligned with SGP.23 value #TEST_DP_ADDRESS1
subjectAltName =  DNS:testsmdpplus1.gsma.com, RID:2.999.10

crlDistributionPoints=URI:http://ci.test.gsma.com/CRL-A.crl, URI:http://ci.test.gsma.com/CRL-B.crl

euicc

euicc的dn-param 

# openssl-eUICC.cnf
#
# use: openssl req -new -nodes -sha256 -config eUICC-csr.cnf -key euiccPrKey.pem -out eUICC.csr
#

[req]
prompt = no

distinguished_name  = dn-name
 
[dn-name]
countryName			= DE
organizationName		= RSP Test EUM
serialNumber                    = 89049032123451234512345678901235
commonName			= Test eUICC

euicc的extend


#eUICC certificate creation configuration
#
# use openssl x509 -req -in eUICC.csr -CA ..\EUM-cert.pem -CAkey ..\eumPrivKey.pem -set_serial 0x020000000000000001 -days 2915731 -sha256 -extfile euicc-ext.cnf -out eUICC-cert.pem 
#

authorityKeyIdentifier=keyid
subjectKeyIdentifier=hash
keyUsage = critical, digitalSignature
certificatePolicies=critical,2.23.146.1.2.1.1  #OID id-rspRole-e

openssl 版本

 

你可能感兴趣的:(x509证书,https,网络协议,http,安全,系统安全)