Per quanto ho capito, stai cercando qualcosa del tipo:
file di configurazione: openssl.cfg
# openssl.cfg - minimal configuration for the `openssl ca` command.
# Every comment sits on its own line, above the key it describes.

# `openssl ca` starts from the [ ca ] section; here it only names the section
# that holds the real CA settings.
[ ca ]
default_ca = custom_ca

[ custom_ca ]
# Working directory of the CA; the paths below are built from it.
dir = ./demoCA

# Text file holding the next serial number to use, in hex. Mandatory: it must
# exist and contain a valid serial number before the first signing.
serial = $dir/serial

# Text database of issued certificates. Mandatory: the file must be present,
# although it may start out empty.
database = $dir/index.txt

# Directory where newly issued certificates are placed. Mandatory.
new_certs_dir = $dir/newcerts

# File containing the CA certificate. Mandatory.
certificate = ./ca.crt

# File containing the CA private key. Mandatory.
# NOTE(review): anyone who can read this file can sign certificates as this CA.
# The accompanying commands create it with -nodes (no passphrase), so file
# permissions are its only protection.
private_key = ./ca.key

# Number of days to certify for when the command line gives no explicit dates.
default_days = 365

# Message digest used when signing. Do not use MD5 (or SHA-1).
default_md = sha256

# Name of the section that says how each DN field of a request is handled.
policy = custom_policy

[ custom_policy ]
# "match":    the field must equal the same field in the CA certificate.
# "supplied": the field must be present.
# "optional": the field may be present.
# Any field not listed here is silently deleted from the issued certificate.
# NOTE(review): only C, ST and L are listed, all as "match". With the CA used in
# this example (subject made of C, ST and L only) every issued certificate ends
# up with the same subject as the CA and no commonName. Acceptable for a demo;
# a real policy would normally also list commonName - confirm before reuse.
# Short names of the three fields: C, ST, L.
countryName = match
stateOrProvinceName = match
localityName = match
-
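# 1. CA key pair, request and self-signed CA certificate.
#    -nodes writes ca.key unencrypted (newer OpenSSL releases name this option
#    -noenc). Outside a throwaway demo, omit it so the key is protected by a
#    passphrase, and keep the file readable only by the CA operator.
$ openssl req -nodes -newkey rsa:2048 -keyout ca.key -out ca.csr -subj "/C=US/ST=California/L=Los Angeles"
#    NOTE(review): the CA certificate itself is valid for 365 days only. A chain
#    stops validating once the issuer expires, whatever end date the issued
#    certificate carries. No extensions file is passed, so presumably the result
#    has no basicConstraints CA:TRUE - strict verifiers may refuse it as an issuer.
$ openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
# 2. Server key pair and certificate request (same unencrypted-key caveat).
$ openssl req -nodes -newkey rsa:2048 -keyout new_server.key -out new_server.csr -subj "/C=US/ST=California/L=Los Angeles"
# 3. Working files that openssl.cfg expects under ./demoCA.
$ mkdir -p ./demoCA/newcerts
#    ": >" creates the empty database in any shell; a bare ">" waits for input in zsh.
$ : > ./demoCA/index.txt
#    The first issued certificate takes the serial stored here. RFC 5280 requires
#    serial numbers to be positive, so start at 01 rather than 00.
$ echo 01 > ./demoCA/serial
# 4. Sign the server request with explicit validity dates.
#    -startdate/-enddate take precedence over default_days from the config file.
#    The values below span year 0000 to year 9999, i.e. a certificate that in
#    practice never expires; 99991231235959Z is the value RFC 5280 reserves for
#    "no well-defined expiration date". For real deployments pick a bounded
#    window - a non-expiring certificate can only be retired by revocation, and
#    some clients may reject dates this far out of range (verify with yours).
$ openssl ca -config ./openssl.cfg -out new_server.crt -startdate 00000101000000Z -enddate 99991231235959Z -cert ca.crt -keyfile ca.key -infiles new_server.csr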
Se ottieni un segmentation fault 11, devi modificare index.txt.attr cambiando unique_subject = yes in unique_subject = no:
# Confirm the attribute file now reads "no". With this value index.txt may hold
# several valid entries with the same subject; the OpenSSL default is "yes".
# NOTE(review): the policy in openssl.cfg reduces every issued subject to
# C/ST/L, so a second issuance would presumably collide on the subject - on a
# real CA, prefer distinct subjects over disabling this check.
$ cat demoCA/index.txt.attr
unique_subject = no
# Print the CA's certificate request (ca.csr) as text, without the encoded form.
$ openssl req -text -noout -in ca.csr
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=US, ST=California, L=Los Angeles
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a8:d7:f8:b3:3c:66:7d:ca:2d:fc:05:ea:93:2b:
ee:db:a8:f3:69:fd:6a:7a:6b:4f:52:ae:5c:ba:46:
dc:72:35:58:17:48:59:60:76:72:db:5f:ba:50:d7:
05:6b:45:b5:84:27:05:b0:86:7a:41:ff:04:32:14:
1e:73:1a:78:b4:36:95:e4:dd:04:73:47:ae:19:e9:
ed:0c:f7:52:a7:8a:1e:43:96:86:a4:59:d0:51:9b:
a9:50:19:38:e0:ff:cd:f8:ed:6c:76:ef:6f:fc:33:
33:16:15:d5:27:31:15:6f:c0:b7:9e:2f:22:fa:77:
d7:d6:06:a8:51:87:b9:7f:c3:35:0e:33:f5:04:a8:
d2:f5:5a:29:c4:1f:e9:db:d0:7e:e7:d0:a2:fc:8e:
c7:8b:5a:ca:b5:7d:c1:29:e9:6d:c1:20:01:6f:68:
d9:06:27:87:7b:fc:02:e7:4a:d9:32:5d:6b:18:0b:
c6:57:b7:06:c8:b9:08:b6:bc:c4:52:76:c3:b8:58:
49:9f:46:ca:ef:96:17:88:3c:6a:cf:a9:a9:51:2e:
ff:a9:20:52:d0:6b:0e:1c:c9:20:46:3c:28:d5:1d:
1d:c0:46:15:18:a6:6a:4d:ec:02:44:7e:78:f7:47:
ff:49:49:77:1d:15:c6:6d:07:a2:74:c6:fc:70:2a:
d6:e9
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha256WithRSAEncryption
58:fb:28:e1:99:d0:b5:7b:5d:3d:16:e9:ab:f2:b2:9f:e9:28:
0f:a0:65:ab:ea:00:69:4b:44:1c:2f:1e:aa:38:60:2a:19:16:
12:19:5c:67:83:5f:fe:21:d9:eb:dd:cb:ec:be:af:d5:5a:31:
05:99:73:9a:1f:8e:39:0f:1a:7e:68:7f:d0:ad:6f:76:8f:d2:
83:e0:bf:27:a2:5c:c2:ca:09:33:e2:88:56:ac:4e:5b:51:58:
62:d2:57:71:49:02:5b:bd:09:08:a8:fc:70:05:19:f2:8d:b9:
86:19:4a:d6:53:51:f7:6c:c3:dd:c7:50:24:b0:20:5d:07:3d:
6a:e0:60:d1:d0:4b:ab:a0:ad:ab:c6:62:5a:a8:79:4d:d9:f0:
46:a7:27:c5:e1:62:2d:a7:88:2f:30:a4:8b:a6:05:c9:d1:af:
09:c6:db:08:48:d7:72:4a:89:c9:09:15:de:31:8a:97:17:ea:
45:0e:f1:c5:a0:25:fe:a1:df:fb:35:6a:b0:56:a3:f6:fe:ae:
1b:fb:64:9c:95:43:bf:73:26:17:b0:5e:23:2c:9e:45:2f:05:
3d:0e:6d:32:3b:80:f4:a1:80:6e:fd:15:3d:ad:21:4d:4e:87:
da:74:c6:48:55:e4:03:5e:3e:9c:c7:ac:c2:40:3e:3f:b0:df:
9b:59:a1:12