通过p12证书连接到wpa2企业网络

时间:2013-10-23 10:04:03

标签: c openssl certificate x509certificate freeradius

我有一个使用radius服务器的wpa2企业网络 我有一个client.p12证书,我已成功将我的Windows PC连接到网络 我需要将嵌入式设备连接到同一个设备,这需要将证书文本粘贴到三个文件cacert.h , client-key.h and client-cert.h.中 如何将client.p12文件分解为上述文件。
我已经使用openssl获取了client-key.h和client-cert.h文件 如何获取cacert.h文件?
除此之外,我还需要更多连接到网络吗? client-key.h文件的内容

    static unsigned char client_key[] = { "\
    -----BEGIN PRIVATE KEY-----\n\
    MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANsp73rNO2njvl9J\n\
    TYuP6bBOfyVNO3wzkBblw+wtnCuqq1Np5/ZD5i6emhNNXNGIOnODrmZR1udCbMyn\n\        
    puLdkvei6LLHxbKOheHwCgij0QqZ1mB9PHbGEPW3+Pmxuquhy/LVegGNweGRCTe6\n\
    yCte7x+DUO9p5YFabGIPCcD6lL4nAgMBAAECgYBAgTo8AZXAF8jbUL7jGctlGeVw\n\
    PCgK6T46jwu4QsBZVdUxKtWb9OYVyJZ+oeF0xky13QcClInU7QcKwTlsQlzTvE0s\n\
    Nh30lrgh3vbHx2TtXHRzuRXq5Tfw1FBoOKjRLriGs+knUkaNj28MpfGulJG+t8Rt\n\
    o5UI+S7IAlHvkQRiKQJBAPu8M8VHEtP1TZbGItHoy4MZ46//JeUnvKZWoNW4um3y\n\
    Y9cft0sWF4WVXxxu7MaF1qQVwfd7rUKp69VtWwV5J0UCQQDe4HfnzYP37I7/ti9K\n\
    VuxfsaRfAjQafH/lrL6/COKtEK8ea1deBqMQywBGWiPZbPGhK5Pnui6Tv4a1EOm7\n\
    4WB7AkBQcM1iRtnfXU2T1nCd/vO5SvaU8MVdOptv09LFOKhqJcB9p6bcmYyepSKl\n\
    ZVTIA1CZUlKPELhGyyGPK8igMRy5AkEAn6VqPkCYJx7rz39QoI9jAajddLC/YbmM\n\
    Y5g5id1zgURSLBf3nQJkC8NdjwdCZpwC+M+eQn66nlqyw0A6LLpjwQJBAI/aZbb7\n\
    EMa/64dIjKWS8FIDECBWmyxt2Fh6vJI1uoWU2Fbt9Z2r6Z4JxhWe56kcHnasuDql\n\
    ae+oK/9MXLpdc0c=\n\
    -----END PRIVATE KEY-----\n\
    " };

    unsigned int client_key_size = sizeof(client_key);

文件client-cert.h的内容

    static unsigned char client_cert[] = { "\
    -----BEGIN CERTIFICATE-----\n\
    MIIECDCCA3GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMx\n\
    EzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMRAwDgYD\n\
    VQQKEwdNYXJ2ZWxsMQswCQYDVQQLEwJCVTETMBEGA1UEAxMKTWFydmVsbCBDQTEQ\n\
    MA4GA1UEKRMHRWFzeVJTQTEeMBwGCSqGSIb3DQEJARYPYWJjQG1hcnZlbGwuY29t\n\
    MB4XDTEzMDkxMDExMTgzNVoXDTIzMDkwODExMTgzNVowgZsxCzAJBgNVBAYTAlVT\n\
    MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRQwEgYDVQQHEwtTYW50YSBDbGFyYTEQMA4G\n\
    A1UEChMHTWFydmVsbDELMAkGA1UECxMCQlUxEDAOBgNVBAMTB2NsaWVudDExEDAO\n\
    BgNVBCkTB0Vhc3lSU0ExHjAcBgkqhkiG9w0BCQEWD2FiY0BtYXJ2ZWxsLmNvbTCB\n\
    nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2ynves07aeO+X0lNi4/psE5/JU07\n\
    fDOQFuXD7C2cK6qrU2nn9kPmLp6aE01c0Yg6c4OuZlHW50JszKem4t2S96LossfF\n\
    so6F4fAKCKPRCpnWYH08dsYQ9bf4+bG6q6HL8tV6AY3B4ZEJN7rIK17vH4NQ72nl\n\
    gVpsYg8JwPqUvicCAwEAAaOCAVUwggFRMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgEN\n\
    BCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUBt/C\n\
    cmVQ/aUU0dOMWkXArG03IZQwgdMGA1UdIwSByzCByIAUtqXThrziw2LZKlnp8Ff/\n\
    QHPtRcmhgaSkgaEwgZ4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\n\
    MRQwEgYDVQQHEwtTYW50YSBDbGFyYTEQMA4GA1UEChMHTWFydmVsbDELMAkGA1UE\n\
    CxMCQlUxEzARBgNVBAMTCk1hcnZlbGwgQ0ExEDAOBgNVBCkTB0Vhc3lSU0ExHjAc\n\
    BgkqhkiG9w0BCQEWD2FiY0BtYXJ2ZWxsLmNvbYIJAOt7HbxXB0MCMBMGA1UdJQQM\n\
    MAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOBgQAvwYD4\n\
    r7Ie0ZWRuzkI+zzG3WiLYt8pYHYAG0wDPNYt1aqT7QUyZSludQfWuq9JGimBciqq\n\
    IM6rtpkqWiNJ8S/n5FK8dj+OGA2t/sgGREgUaXOtUDDu4fgJi+ejUbykaI+yiHyr\n\
    Ayi0mm2qbJxojMdbtl1KNosyA8T8wJwMMXqSsg==\n\
    -----END CERTIFICATE-----\n\
    " };

    unsigned int client_cert_size = sizeof(client_cert);

文件内容cacert.h 

    static unsigned char ca_cert[] = { "\
    -----BEGIN CERTIFICATE-----\n\
    MIIDxTCCAy6gAwIBAgIJAOt7HbxXB0MCMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD\n\
    VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xh\n\
    cmExEDAOBgNVBAoTB01hcnZlbGwxCzAJBgNVBAsTAkJVMRMwEQYDVQQDEwpNYXJ2\n\
    ZWxsIENBMRAwDgYDVQQpEwdFYXN5UlNBMR4wHAYJKoZIhvcNAQkBFg9hYmNAbWFy\n\
    dmVsbC5jb20wHhcNMTMwOTEwMTExODIxWhcNMjMwOTA4MTExODIxWjCBnjELMAkG\n\
    A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENs\n\
    YXJhMRAwDgYDVQQKEwdNYXJ2ZWxsMQswCQYDVQQLEwJCVTETMBEGA1UEAxMKTWFy\n\
    dmVsbCBDQTEQMA4GA1UEKRMHRWFzeVJTQTEeMBwGCSqGSIb3DQEJARYPYWJjQG1h\n\
    cnZlbGwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCuY7iZthDy4lM/\n\
    0Mr6HZF6C3qNIKxlR1rXMxvDlq3D1ynjGAaPZo5QmAMx1wD5BDvyWUEbite9Z/lH\n\
    B3/Xr1weS89lh/IRoFty4ads1131haFgK99XrchyRW4nWgYwoZ5UaeMF2/9czsr+\n\
    hPb3QgUkJY6jpcWp126iFb172DY12wIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFLal\n\
    04a84sNi2SpZ6fBX/0Bz7UXJMIHTBgNVHSMEgcswgciAFLal04a84sNi2SpZ6fBX\n\
    /0Bz7UXJoYGkpIGhMIGeMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p\n\
    YTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExEDAOBgNVBAoTB01hcnZlbGwxCzAJBgNV\n\
    BAsTAkJVMRMwEQYDVQQDEwpNYXJ2ZWxsIENBMRAwDgYDVQQpEwdFYXN5UlNBMR4w\n\
    HAYJKoZIhvcNAQkBFg9hYmNAbWFydmVsbC5jb22CCQDrex28VwdDAjAMBgNVHRME\n\
    BTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAKyjrP0qFCWDn67khOQ0z97E+tgMVvdM\n\
    9uWU4kmMXG0BtYL/83E8hlS1zegc1dK96WYUnSe4O3ZJ1KhBfGyONdhB/0tZDySr\n\
    429x0lc8/RavorNv6HwehdsP3SWo4D1TUTF/smOOhlDaRWbSnySeB8RC3V46m45I\n\
    XCK42k05eeQ0\n\
    -----END CERTIFICATE-----\n\
    " };

    unsigned int ca_cert_size = sizeof(ca_cert);

1 个答案:

答案 0 :(得分:0)

.h文件包含证书/密钥的“修改”PEM格式。我说“修改”因为他们在每一行的末尾加上“\ n \”。

要从p12文件中获取PEM文件,您需要使用此openssl命令:

openssl pkcs12 -in client.p12 -nodes -out client.pem

它会提示您“输入导入密码”。这是保护client.p12文件的密码。

输出client.pem文件应包含PEM格式的私钥,客户端证书和CA证书。您可以从文件中复制不同的部分,并将它们粘贴到.h文件中的相应位置。然后,您需要返回并在行尾添加“\ n \”,就像您在问题中的示例文件中一样。

唯一棘手的部分是不将CA证书与客户端证书混淆。您可以查看“主题”和“发行人”字段来计算出来。

相关问题
最新问题