openSSL命令行的问题

时间:2012-09-11 13:57:04

标签: command-line openssl certificate pki

我正在使用O'Reilly关于SSL的书,它使用openSSL作为例子。

创建配置文件后:

[ ca ]
default_ca = mobileCA

[ mobileCA ]
dir = /users/crodgers/src/sds2mobile/Server/CA
certificate = $dir/cacert.pem
database = $dir/index.txt
new_certs_dir = $dir/certs
private_key = $dir/private/key.pem
serial = $dir/serial

default_crl_days = 7
default_days = 365
default_md = md5

policy = mobile_CA_policy
x509_extensions = certificate_extensions

[ mobileCA_policy ]
commonName = SDS/2 Mobile Certificate
stateOrProvinceName = Nebraska
countryName = US
emailAddress = designdatamobiledevelopment@gmail.com
organizationName = Design Data

[ certificate_extensions ]
basicConstraints = CA:false

[ req ]
default_bits = 2048
default_keyfile = /users/crodgers/src/sds2mobile/Server/CA/private/key.pem
default_md = md5

prompt = no
distinguished_name = root_ca_distinguished_name

x509_extensions = root_ca_extensions

[ root_ca_distinguished_name ]
commonName = Root Certificate
stateOrProvinceName = Nebraska
countryName = US
emailAddress = designdatamobiledevelopment@gmail.com
organizationName = Design Data

[ root_ca_extensions ]
basicConstraints = CA:true

指示用户输入以下命令:

openssl req -x509 -newkey rsa -out cacert.pem -outform PEM

这应该创建一个自签名的根证书。

这个命令给了我-help输出。我假设命令中的某些内容不正确,但一直无法缩小范围。

目前正在使用Ubuntu 10.04和openSSL 0.9.8k

1 个答案:

答案 0 :(得分:2)

您错过了RSA密钥大小,例如-newkey rsa:1024表示1024位密钥。