CSR中请求的扩展未在CRT中反映出来

时间:2017-04-29 00:37:38

标签: openssl x509

我遵循CSR:

Certificate Request:
Data:
    Version: 0 (0x0)
    Subject: C=US, CN=www.example.com
    Subject Public Key Info:
        Public Key Algorithm: id-ecPublicKey
            Public-Key: (256 bit)
            pub: 
                04:e5:1d:a3:b2:47:1b:7c:05:f3:f3:36:b6:b2:0f:
                79:27:0f:80:4c:39:1b:8c:6c:38:eb:43:f3:b4:33:
                f4:7a:c5:de:2c:f7:28:69:e5:d1:88:6b:41:6c:5f:
                b6:55:b5:2a:29:69:a4:da:fa:17:ac:6a:a0:5f:30:
                9d:07:55:4f:52
            ASN1 OID: prime256v1
            NIST CURVE: P-256
    Attributes:
    Requested Extensions:
        X509v3 Key Usage: critical
            Digital Signature, Key Encipherment
        X509v3 Extended Key Usage: 
            Code Signing
        X509v3 Basic Constraints: critical
            CA:FALSE
Signature Algorithm: ecdsa-with-SHA256
     30:45:02:21:00:b4:d8:73:e3:c0:2c:38:7d:44:c6:ed:c2:30:
     fb:0d:ca:99:74:fb:b9:2e:7e:72:d0:1a:6f:b5:89:8c:c2:e9:
     bd:02:20:45:91:99:3a:71:6c:f0:72:48:2f:c7:4c:93:d3:89:
     69:40:d1:b6:72:0f:e4:a9:2f:a8:cc:a5:3b:00:27:85:6d

但是当我尝试处理CSR时:

openssl x509 -req -SHA256 -in [file].csr -CA ca.crt -CAkey ca.key -out [file].crt

我获得以下证书:

Certificate:
Data:
    Version: 1 (0x0)
    Serial Number:
        d8:2d:19:4b:d4:32:dc:0a
Signature Algorithm: ecdsa-with-SHA256
    Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
    Validity
        Not Before: Apr 29 00:31:04 2017 GMT
        Not After : May 29 00:31:04 2017 GMT
    Subject: C=US, CN=www.example.com
    Subject Public Key Info:
        Public Key Algorithm: id-ecPublicKey
            Public-Key: (256 bit)
            pub: 
                04:e5:1d:a3:b2:47:1b:7c:05:f3:f3:36:b6:b2:0f:
                79:27:0f:80:4c:39:1b:8c:6c:38:eb:43:f3:b4:33:
                f4:7a:c5:de:2c:f7:28:69:e5:d1:88:6b:41:6c:5f:
                b6:55:b5:2a:29:69:a4:da:fa:17:ac:6a:a0:5f:30:
                9d:07:55:4f:52
            ASN1 OID: prime256v1
            NIST CURVE: P-256
Signature Algorithm: ecdsa-with-SHA256
     30:45:02:21:00:97:a5:09:15:0b:fb:29:df:7b:59:8f:95:01:
     cd:81:04:a5:36:c2:c4:5d:fa:6f:f1:2f:72:c2:eb:7c:d1:92:
     2e:02:20:69:00:07:50:87:e5:a2:e9:a3:bf:a6:52:9c:80:df:
     b4:69:34:3f:e0:a9:09:75:f8:03:ce:46:1a:43:cf:a2:a9

那么CSR中所请求的扩展到底发生了什么?我做错了什么?

TX! : - )

P.S。堆栈交换不喜欢这篇文章因为它说代码太多而且文本不够,所以请忽略其余部分,因为如果只是填充文本...

0 个答案:

没有答案