How to give a multiline certificate name (CN) for a certificate generated using OpenSSL
我正在使用OpenSSL生成一个自签名证书,按照此处的步骤通过Windows中的OpenSSL为我的Android应用程序创建带有自签名证书的PKCS#12文件。
openssl req -x509 -days 365 -subj"/CN=MULTI LINE NEEDED HERE" -newkey
rsa:1024 -keyout mycert.pem -out mycert.pem
这里主题由cmd的提示填充,如Country,State等。我希望为CN属性赋予多行值。 我如何在命令行中执行此操作?
... what about the case when I want multiple domain names? like www.google.com and www.yahoo.com?
以下是如何向证书添加多个DNS名称。 您必须通过
在您的情况下,在
(我不确定这是答案还是评论。我还不清楚你是否想要通过将
第一
1 | $ touch example-com.conf |
第二
将以下内容添加到配置文件中。 调整它以适合您的口味。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 | [ req ] default_bits = 2048 default_keyfile = server-key.pem distinguished_name = subject req_extensions = extensions x509_extensions = extensions string_mask = utf8only [ subject ] countryName = Country Name (2 letter code) countryName_default = US stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = NY localityName = Locality Name (eg, city) localityName_default = New York organizationName = Organization Name (eg, company) organizationName_default = Example, LLC commonName = Common Name (e.g. server FQDN or YOUR name) commonName_default = Example, LLC emailAddress = Email Address emailAddress_default = [email protected] [ extensions ] subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment extendedKeyUsage = serverAuth subjectAltName = @alternate_names nsComment ="OpenSSL Generated Certificate" [ alternate_names ] DNS.1 = example.com DNS.2 = www.example.com DNS.3 = mail.example.com DNS.4 = ftp.example.com |
第三
使用以下内容生成证书。 它会为每个请求生成一个新密钥。 调整它以适合您的口味。 例如,如果省略
1 2 | $ openssl req -config example-com.conf -new -x509 -newkey rsa:2048 -nodes \ -keyout example-com.key.pem -days 365 -out example-com.cert.pem |
第四
使用以下内容检查证书。
1 | $ openssl x509 -in example-com.cert.pem -text -noout |
您将在SAN中看到多个DNS名称。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 | $ openssl x509 -in example-com.cert.pem -text -noout Certificate: Data: Version: 3 (0x2) Serial Number: 15695764655789201623 (0xd9d28ecb727258d7) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=NY, L=New York, CN=Example, LLC/[email protected] Validity Not Before: May 10 22:34:14 2014 GMT Not After : May 10 22:34:14 2015 GMT Subject: C=US, ST=NY, L=New York, CN=Example, LLC/[email protected] Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:9a:a4:93:67:26:79:6f:dd:9a:25:0a:11:66:f6: 5a:04:36:66:5f:46:fd:b3:ee:08:ac:e4:92:88:12: 92:ea:ec:9b:62:6c:5d:ec:8c:4f:c6:0c:e9:99:c4: 77:70:3e:52:fc:25:9d:74:56:2d:49:08:9c:8f:b3: 82:ea:9e:b2:60:52:69:59:7f:c8:14:15:74:ef:f6: 80:6c:7f:1d:b4:b8:55:89:7f:d7:e4:0a:94:9e:3f: fe:b6:64:fa:7a:9a:f6:43:46:53:f2:e3:b0:8f:92: ca:83:6d:00:1d:57:9a:73:b9:f9:14:11:2b:fc:2d: 36:b5:ed:95:73:c3:28:7d:4b:86:97:88:85:cd:d6: 32:b7:e3:db:ea:3b:9a:7c:5a:c9:b0:6b:38:ac:e4: 44:e6:95:57:6a:f0:05:7a:5c:86:e0:46:4a:83:b2: 78:59:38:42:9c:84:c6:8b:ee:04:cc:8b:e5:29:3a: 45:6f:0e:8c:cd:6e:35:e9:f8:f7:fb:f2:a5:8a:e2: 53:77:b2:59:33:64:9a:1d:98:d6:4e:2d:e6:73:cb: 18:fc:86:4f:e7:bf:3b:14:79:92:32:e0:63:40:d3: 16:b6:33:f6:42:fc:59:6c:a4:8c:ed:86:68:3e:14: 64:da:16:66:85:42:ef:73:8a:c1:f9:6f:a2:b0:92: d0:fb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: B5:CE:04:1D:D9:10:85:FF:2E:FD:AA:AA:CB:36:7A:1E:14:66:69:EA X509v3 Authority Key Identifier: keyid:B5:CE:04:1D:D9:10:85:FF:2E:FD:AA:AA:CB:36:7A:1E:14:66:69:EA X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Subject Alternative Name: DNS:example.com, DNS:www.example.com, DNS:mail.example.com, DNS:ftp.example.com Netscape Comment: OpenSSL Generated Certificate Signature Algorithm: sha1WithRSAEncryption 32:a0:28:21:8b:a8:46:d5:89:5e:10:b7:b6:35:cb:a8:2e:4a: a4:10:3d:4c:1d:3f:8a:b2:7d:2e:53:e5:4f:b5:c7:9c:14:84: ad:11:51:01:f2:41:80:6e:23:10:ed:d6:cc:38:48:15:ff:d8: 17:6c:09:b0:1e:b7:ed:c0:1a:6d:41:74:48:63:05:46:85:61: bd:ac:ab:36:0e:70:a1:e5:2b:1d:3b:02:0b:00:31:74:d3:5e: 0c:88:9b:ac:e8:c7:3d:22:22:90:01:c3:c0:f0:1e:e5:0a:4c: b1:0f:ab:6b:39:5c:af:fc:34:53:ef:fd:38:35:9b:15:63:57: f9:89:f0:f6:b8:5a:c7:e1:a6:ab:03:b0:b5:5a:c9:f1:b6:02: 41:ba:f8:5b:58:f4:ed:4c:57:df:69:3f:55:25:57:4d:39:da: 94:8a:36:27:f1:a8:db:59:c3:47:65:9d:db:7c:5d:0f:39:4a: 6a:a8:b6:12:7b:2e:41:16:b5:ed:b9:33:aa:a0:74:d3:1c:3f: a4:4a:c8:0b:e3:37:13:f0:97:38:c5:4d:6c:62:d5:16:31:c3: c9:d9:48:91:d1:e6:3f:33:0e:24:0d:96:80:a3:80:b4:09:32: 30:4c:e2:c2:d8:d3:3d:76:98:f0:5e:70:e0:ec:4a:ba:2e:97: 44:4a:75:f2 |