我正在使用O'Reilly关于SSL的书,它使用openSSL作为例子。
创建配置文件后:
[ ca ]
default_ca = mobileCA
[ mobileCA ]
dir = /users/crodgers/src/sds2mobile/Server/CA
certificate = $dir/cacert.pem
database = $dir/index.txt
new_certs_dir = $dir/certs
private_key = $dir/private/key.pem
serial = $dir/serial
default_crl_days = 7
default_days = 365
default_md = md5
policy = mobile_CA_policy
x509_extensions = certificate_extensions
[ mobileCA_policy ]
commonName = SDS/2 Mobile Certificate
stateOrProvinceName = Nebraska
countryName = US
emailAddress = designdatamobiledevelopment@gmail.com
organizationName = Design Data
[ certificate_extensions ]
basicConstraints = CA:false
[ req ]
default_bits = 2048
default_keyfile = /users/crodgers/src/sds2mobile/Server/CA/private/key.pem
default_md = md5
prompt = no
distinguished_name = root_ca_distinguished_name
x509_extensions = root_ca_extensions
[ root_ca_distinguished_name ]
commonName = Root Certificate
stateOrProvinceName = Nebraska
countryName = US
emailAddress = designdatamobiledevelopment@gmail.com
organizationName = Design Data
[ root_ca_extensions ]
basicConstraints = CA:true
指示用户输入以下命令:
openssl req -x509 -newkey rsa -out cacert.pem -outform PEM
这应该创建一个自签名的根证书。
这个命令给了我-help输出。我假设命令中的某些内容不正确,但一直无法缩小范围。
目前正在使用Ubuntu 10.04和openSSL 0.9.8k
答案 0 :(得分:2)
您错过了RSA密钥大小,例如-newkey rsa:1024表示1024位密钥。