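I need to generate a CSR with a SAN like this:
Subject Alternative Name: DirName:/SN=1345332443jff432/UD=1234577400003/title=0011/registeredAddress=Sample E/businessCategory=Sample Business
Just last week I ran into a similar problem, but I needed an additional signature with the rootCA key: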
# Print the X.509 v3 extension section for the given domain.
function genExtfile() {
  domain=$1
  cat << EOF
authorityKeyIdentifier=keyid,issuer
keyUsage=critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = $domain
DNS.2 = $domain/foobar
EOF
}
extFile=$(genExtfile mydomain.com)
# Sign the CSR with the root CA; the extensions come from the generated text
# through process substitution (bash), so no extension file is left on disk.
openssl x509 -req -in mydomain.com.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial \
  -out mydomain.com.crt -days 4000 -sha512 -passin pass:rootCAPwd -extfile <(printf '%s\n' "$extFile")
I was able to add the directory name using Bouncy Castle, except for title and registeredAddress.
Those two are throwing an error as invalid OIDs.
GeneralName[] subjectAltNames = new GeneralName[] {
    new GeneralName(GeneralName.directoryName, "SN=2222232444343jff432,UID=310175397400003," +
        // "title=1011,registeredAddress=Sample E," +
        "businessCategory=Sample Business") };
Extension subjectAltName =
    Extension.create(Extension.subjectAlternativeName, false, new GeneralNames(subjectAltNames));
Any idea how to add the invalid OIDs?
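
An added example, not part of the posts above: one way to produce the CSR the question asks for with OpenSSL, by pointing subjectAltName at a directory-name section of the request config. The function names, file names and CN are assumptions, the attribute values are constructed sample data following the question's string, and `openssl` is assumed to be on the PATH.

```shell
# Added example; all subject values are constructed sample data.
# write_csr_config FILE CN: req config whose SAN is a directoryName.
write_csr_config() {
  cat > "$1" << EOF
[req]
prompt = no
distinguished_name = subject_dn
req_extensions = v3_req

[subject_dn]
CN = $2

[v3_req]
subjectAltName = dirName:san_dir

[san_dir]
# OpenSSL reads the short name SN as surname (2.5.4.4); write
# serialNumber here if the serial-number attribute is meant.
SN = 1345332443jff432
UID = 1234577400003
title = 0011
registeredAddress = Sample E
businessCategory = Sample Business
EOF
}

# make_dirname_csr DIR CN: writes DIR/csr.cnf, DIR/csr.key and DIR/csr.pem.
make_dirname_csr() {
  write_csr_config "$1/csr.cnf" "$2"
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -config "$1/csr.cnf" -keyout "$1/csr.key" -out "$1/csr.pem" 2>/dev/null
}

# csr_san FILE: prints the SAN value line from the CSR's requested extensions.
csr_san() {
  openssl req -in "$1" -noout -text | grep -A1 'Subject Alternative Name' | tail -n 1
}

workdir=$(mktemp -d)
make_dirname_csr "$workdir" mydomain.com
csr_san "$workdir/csr.pem"
```

When the CSR is later signed with `openssl x509 -req` as in the answer above, the extensions still have to be supplied through `-extfile`, so the same `[san_dir]` section can be reused there.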