我遵循CSR:
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=US, CN=www.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:e5:1d:a3:b2:47:1b:7c:05:f3:f3:36:b6:b2:0f:
79:27:0f:80:4c:39:1b:8c:6c:38:eb:43:f3:b4:33:
f4:7a:c5:de:2c:f7:28:69:e5:d1:88:6b:41:6c:5f:
b6:55:b5:2a:29:69:a4:da:fa:17:ac:6a:a0:5f:30:
9d:07:55:4f:52
ASN1 OID: prime256v1
NIST CURVE: P-256
Attributes:
Requested Extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
Code Signing
X509v3 Basic Constraints: critical
CA:FALSE
Signature Algorithm: ecdsa-with-SHA256
30:45:02:21:00:b4:d8:73:e3:c0:2c:38:7d:44:c6:ed:c2:30:
fb:0d:ca:99:74:fb:b9:2e:7e:72:d0:1a:6f:b5:89:8c:c2:e9:
bd:02:20:45:91:99:3a:71:6c:f0:72:48:2f:c7:4c:93:d3:89:
69:40:d1:b6:72:0f:e4:a9:2f:a8:cc:a5:3b:00:27:85:6d
但是当我尝试处理CSR时:
openssl x509 -req -SHA256 -in [file].csr -CA ca.crt -CAkey ca.key -out [file].crt
我获得以下证书:
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
d8:2d:19:4b:d4:32:dc:0a
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
Validity
Not Before: Apr 29 00:31:04 2017 GMT
Not After : May 29 00:31:04 2017 GMT
Subject: C=US, CN=www.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:e5:1d:a3:b2:47:1b:7c:05:f3:f3:36:b6:b2:0f:
79:27:0f:80:4c:39:1b:8c:6c:38:eb:43:f3:b4:33:
f4:7a:c5:de:2c:f7:28:69:e5:d1:88:6b:41:6c:5f:
b6:55:b5:2a:29:69:a4:da:fa:17:ac:6a:a0:5f:30:
9d:07:55:4f:52
ASN1 OID: prime256v1
NIST CURVE: P-256
Signature Algorithm: ecdsa-with-SHA256
30:45:02:21:00:97:a5:09:15:0b:fb:29:df:7b:59:8f:95:01:
cd:81:04:a5:36:c2:c4:5d:fa:6f:f1:2f:72:c2:eb:7c:d1:92:
2e:02:20:69:00:07:50:87:e5:a2:e9:a3:bf:a6:52:9c:80:df:
b4:69:34:3f:e0:a9:09:75:f8:03:ce:46:1a:43:cf:a2:a9
那么CSR中所请求的扩展到底发生了什么?我做错了什么?
TX! : - )
P.S。堆栈交换不喜欢这篇文章因为它说代码太多而且文本不够,所以请忽略其余部分,因为如果只是填充文本...