我从一些客户那里得到了一个CSR示例。他们询问如何使用openssl命令来创建这样的CSR。我可以创建CSR,但不能创建包含相同属性部分的类似CSR。
Certificate Request:
Data:
Version: 2 (0x1)
Subject: DC = WAPI, C = CN, O = HTKC001, OU = HTKC002, CN = HTKC002@AE
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Unable to load Public Key
6768:error:100D7010:elliptic curve routines:eckey_pub_decode:EC lib:../openssl-1.1.1d/crypto/ec/ec_ameth.c:151:
6768:error:0B09407D:x509 certificate routines:x509_pubkey_decode:public key decode error:../openssl-1.1.1d/crypto/x509/x_pubkey.c:125:
Attributes:
2.16.840.1.113732.2 :40:77:a9:a3:bb:f0
Signature Algorithm: 1.2.156.11235.1.1.1
30:35:02:19:00:af:0f:99:40:60:7d:8d:50:a6:43:27:41:01:
32:c3:f3:67:bf:b8:db:1f:89:8f:f9:02:18:6f:77:3d:7a:af:
fe:c1:fa:7b:cf:f5:c8:2e:ac:39:e2:04:d7:19:7e:10:39:8b:
29
这是我尝试过的命令:
openssl req -new -key server.key -out server.csr -sha256 -addext "2.16.840.1.113732.2 = 00:11:22:33:44:55"
openssl req -new -key server.key -out server.csr -sha256 -reqexts "2.16.840.1.113732.2=00:11:22:33:44:55"
我都犯了错误。
[ new_oids ]
....
xxxxx = 1.2.3.4.5
[ req_attributes ]
....
xxxxx = enter your new item xxxxx
最后,我更改了配置文件,并解决了问题。