我已经在/etc/ssl/openssl.cnf文件中设置了目录,但是每次我发出命令
openssl req -x509 -newkey rsa:4096 -keyout cakey.pem -out cacert.pem -days 3650
它将文件放置在我正在使用的目录的根目录中。
[ CA_default ]
dir = /home/will/myCA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several certs with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
# copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = default # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
如果目录正常工作,我应该期待
Generating a 2048 bit RSA private key
.................................+++
.................................................................................................+++
writing new private key to '/home/bshumate/myCA/private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
将新的私钥写入“ /home/bshumate/myCA/private/cakey.pem”
有人知道为什么默认目录不起作用吗?
N.B OpenSSL版本1.1.0g-2ubuntu4.3
非常感谢
会
更新 我已经使用二进制文件直接从网站升级了OpenSSL版本,现在安装在/ etc / local / ssl下。不幸的是,我仍然不明白为什么我用OpenSSL生成的文件没有被分类到文件夹/目录中。