能否请您看一下代码?我正在尝试创建根ca,然后创建中间ca请求,然后使用根密钥来发出请求:
#!/bin/bash
readonly root_key="ca_key.pem"
readonly root_cert="ca_cert.pem"
readonly int_key="int_key.pem"
readonly int_csr="int_csr.pem"
readonly int_cert="int_cert.pem"
openssl req \
-x509 \
-newkey rsa:4096 \
-keyout "$root_key" \
-out "$root_cert" \
-days 3650 \
-nodes \
-batch \
-addext basicConstraints=critical,CA:TRUE,pathlen:1 \
-subj "/CN=LamaMind Root CA/O=LamaMind"
openssl req \
-newkey rsa:4096 \
-keyout "$int_key" \
-out "$int_csr" \
-nodes \
-batch \
-subj "/CN=LamaMind signing CA/O=LamaMind"
openssl x509 -req \
-days 3600 \
-in "$int_csr" \
-CA "$root_cert" \
-CAkey "$root_key" \
-CAcreateserial \
-out "$int_cert"
openssl verify -CAfile $root_cert $int_cert
最后一行的验证失败,并显示以下消息:
error 24 at 1 depth lookup: invalid CA certificate
error int_cert.pem: verification failed
我做错了什么?