{"id":1111,"date":"2024-09-05T00:51:04","date_gmt":"2024-09-04T16:51:04","guid":{"rendered":"https:\/\/www.madbull.site\/?p=1111"},"modified":"2024-09-06T14:27:51","modified_gmt":"2024-09-06T06:27:51","slug":"openssl%e9%a2%81%e5%8f%91%e5%8c%85%e5%90%ab%e5%a4%9a%e4%b8%aa%e4%b8%bb%e9%a2%98%e6%9b%bf%e4%bb%a3%e5%90%8d%e7%9a%84%e8%af%81%e4%b9%a6-subjectaltname","status":"publish","type":"post","link":"https:\/\/www.madbull.site\/?p=1111","title":{"rendered":"openssl\u9881\u53d1\u5305\u542b\u4e3b\u9898\u66ff\u4ee3\u540d\u7684\u8bc1\u4e66–SAN"},"content":{"rendered":"\n

\u5728 X.509 \u8bc1\u4e66\u4e2d\uff0ccommonName<\/code>\uff08CN\uff09\u5b57\u6bb5\u53ea\u80fd\u6709\u4e00\u4e2a\u503c\u3002\u5982\u679c\u8ba9\u8bc1\u4e66\u652f\u6301\u591a\u4e2a\u57df\u540d\u548cIP\u5730\u5740\uff0c\u9700\u8981\u7528\u5230\u4e3b\u9898\u66ff\u4ee3\u540d\u79f0–subjectAltName\u3002<\/p>\n\n\n\n

<\/div>\n\n\n\n

\u7b2c\u4e00\u6b65\uff0c\u5236\u4f5cCA\u6839\u8bc1\u4e66<\/strong><\/p>\n\n\n\n

<\/div>\n\n\n\n

\u548c\u5f80\u671f\u6587\u7ae0\uff1ahttps:\/\/www.madbull.site\/?p=601<\/a> \u4e2d\u76841.1<\/strong>\u548c1.2<\/strong>\u6b65\u9aa4\u662f\u4e00\u6837\u3002\u64cd\u4f5c\u5982\u4e0b\u56fe\uff1a<\/p>\n\n\n\n

<\/div>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\n
<\/div>\n\n\n\n

\u7b2c\u4e8c\u6b65\uff1a\u9881\u53d1\u8bc1\u4e66<\/strong><\/p>\n<\/div>\n\n\n\n

\n
<\/div>\n\n\n\n

\u9700\u8981\u7528\u52305\u4e2a\u6587\u4ef6\uff1a<\/p>\n\n\n\n

1\u3001\u7b2c\u4e00\u6b65\u4ea7\u751f\u7684CA\u79c1\u94a5<\/p>\n\n\n\n

2\u3001\u7b2c\u4e00\u6b65\u4ea7\u751f\u7684CA\u6839\u8bc1\u4e66<\/p>\n\n\n\n

3\u3001\u670d\u52a1\u7aef\u9700\u8981\u521b\u5efa\u4e00\u4e2a\u79c1\u94a5<\/strong>\uff0c\u4e00\u822c\u6269\u5c55\u540d\u4e3a .key<\/strong><\/p>\n\n\n\n

4\u3001\u670d\u52a1\u7aef\u9700\u8981\u521b\u5efa\u8bc1\u4e66\u914d\u7f6e\u6587\u4ef6<\/strong>\uff0c\u4e00\u822c\u6269\u5c55\u540d\u4e3a .csr<\/strong><\/p>\n\n\n\n

5\u3001\u670d\u52a1\u7aef\u7528\u81ea\u5df1\u7684\u79c1\u94a5\u548c\u914d\u7f6e\u6587\u4ef6\u51fa\u521b\u5efa\u4e00\u4e2a\u8bc1\u4e66\u8bf7\u6c42\u6587\u4ef6<\/strong>\uff0c\u4e00\u822c\u6269\u5c55\u540d\u4e3a .crt<\/strong><\/p>\n<\/div>\n\n\n\n

\n
<\/div>\n\n\n\n

2.1 \u521b\u5efa\u670d\u52a1\u7aef\u7684\u79c1\u94a5<\/strong><\/p>\n<\/div>\n\n\n\n

\n
<\/div>\n\n\n\n

\u6307\u4ee4\uff1aopenssl genrsa -out private.key 2048 \u548c\u7b2c\u4e00\u6b65\u521b\u5efa\u79c1\u94a5\u7684\u65b9\u6cd5\u662f\u4e00\u6837\u7684<\/p>\n<\/div>\n\n\n\n

\n
<\/div>\n\n\n\n

2.2 \u521b\u5efa\u8bc1\u4e66\u914d\u7f6e\u6587\u4ef6<\/strong><\/p>\n\n\n\n

<\/div>\n\n\n\n

\u547d\u540d\u4e3a\uff1acsr.conf<\/p>\n\n\n\n

default_bits = 2048\nprompt = no\ndefault_md = sha256\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n\n[req_distinguished_name]\ncountryName = CN\nstateOrProvinceName = Shandong\nlocalityName = Qingdao\norganizationName = madbull\norganizationalUnitName = IT\ncommonName = node1\nemailAddress = xxx@xxx.com\n\n[v3_req]\nsubjectAltName = @alt_names\n\n[alt_names]\nDNS.1 = node1\nDNS.2 = madbull.site\nDNS.3 = localhost\nIP.1 = 127.0.0.1\nIP.2 = 192.168.1.123<\/code><\/pre>\n<\/div>\n\n\n\n
\n
<\/div>\n\n\n\n
\u5176\u4e2d commonName \u548c alt_names\u7684\u914d\u7f6e \u6839\u636e\u81ea\u5df1\u7684\u5b9e\u9645\u60c5\u51b5\u586b\u5199 \u57df\u540d\u548c\u4e3b\u673a\u540d\u3002<\/p>\n\n\n\n
<\/div>\n\n\n\n
\u914d\u7f6e\u89e3\u91ca\uff1a<\/p>\n\n\n\n
default_bits: \u8bbe\u7f6e\u9ed8\u8ba4\u7684\u5bc6\u94a5\u957f\u5ea6\u4e3a 2048 \u4f4d\u3002<\/p>\n\n\n\n
prompt: \u8bbe\u7f6e\u4e3a no\uff0c\u8868\u793a\u5728\u751f\u6210 CSR \u65f6\u4e0d\u63d0\u793a\u7528\u6237\u8f93\u5165\u4fe1\u606f\uff0c\u800c\u662f\u4f7f\u7528\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u9ed8\u8ba4\u503c\u3002<\/p>\n\n\n\n
default_md: \u8bbe\u7f6e\u9ed8\u8ba4\u7684\u6d88\u606f\u6458\u8981\u7b97\u6cd5\u4e3a SHA-256\u3002<\/p>\n\n\n\n
distinguished_name: \u6307\u5411 [req_distinguished_name] \u6bb5\uff0c\u5b9a\u4e49\u4e86\u8bc1\u4e66\u8bf7\u6c42\u7684\u57fa\u672c\u4fe1\u606f\u3002<\/p>\n\n\n\n
req_extensions: \u6307\u5411 [v3_req] \u6bb5\uff0c\u5b9a\u4e49\u4e86\u8bc1\u4e66\u8bf7\u6c42\u4e2d\u7684\u6269\u5c55\u5b57\u6bb5\u3002<\/p>\n\n\n\n
subjectAltName: \u6307\u5411 [alt_names] \u6bb5<\/p>\n<\/div>\n\n\n\n
\n
<\/div>\n\n\n\n
2.3 \u751f\u6210\u8bc1\u4e66\u8bf7\u6c42\u6587\u4ef6<\/strong><\/p>\n\n\n\n
<\/div>\n\n\n\n
\u6307\u4ee4\uff1aopenssl req -new -key private.key -out req.csr -config csr.conf<\/p>\n\n\n\n
<\/div>\n\n\n\n
\u6ce8\u610f\uff0c\u8fd9\u91cc\u591a\u4e86\u6307\u5b9a\u914d\u7f6e\u6587\u4ef6 -config csr.conf<\/strong><\/p>\n\n\n\n
\u53ef\u7528\uff1aopenssl req -in req.csr -noout -text \u67e5\u770b\u8bf7\u6c42\u8bc1\u4e66\u6587\u4ef6\u5185\u5bb9\u3002<\/p>\n\n\n\n
<\/div>\n\n\n\n
\"\"<\/figure>\n<\/div>\n\n\n\n
\n
<\/div>\n\n\n\n
2.4 \u9881\u53d1\u8bc1\u4e66<\/strong><\/p>\n\n\n\n
<\/div>\n\n\n\n
\u6307\u4ee4\uff1aopenssl x509 -req -in req.csr -CA root-ca.crt -CAkey root-ca.key -CAcreateserial -out public.crt -days 10240 -sha256 -extensions v3_req -extfile csr.conf<\/p>\n\n\n\n
<\/div>\n\n\n\n
\u6ce8\u610f\uff0c\u8fd9\u91cc\u591a\u4e86\u6307\u5b9a\u6269\u5c55\u6bb5\u540d\u79f0\u548c\u914d\u7f6e\u6587\u4ef6 -extensions v3_req -extfile csr.conf<\/strong>\u3002<\/p>\n\n\n\n
\u53ef\u7528\uff1aopenssl x509 -in public.crt -noout -text \u67e5\u770b\u8bc1\u4e66\u5185\u5bb9\u3002<\/p>\n\n\n\n
<\/div>\n\n\n\n
\"\"<\/figure>\n<\/div>\n\n\n\n
<\/div>\n\n\n\n
\n\n\n\n
<\/div>\n\n\n\n
\u81ea\u6b64\uff0c\u5f53\u524d\u76ee\u5f55\u4e0b\u67097\u4e2a\u6587\u4ef6\uff0c\u5bf9\u4e8e\u670d\u52a1\u7aef\u53ea\u9700\u8981\u79c1\u94a5\u548c\u8bc1\u4e66\u5c31\u53ef\u4ee5\u4e86\u3002\u4e0b\u9762\u5206\u522b\u4ecb\u7ecd\u4e00\u4e0b\u8fd9\u4e9b\u90fd\u662f\u4ec0\u4e48\u6587\u4ef6\uff1a<\/p>\n\n\n\n
<\/div>\n\n\n\n
\"\"<\/figure>\n\n\n\n
<\/div>\n\n\n\n
csr.conf: \u8bc1\u4e66\u914d\u7f6e\u6587\u4ef6<\/p>\n\n\n\n
private.key: \u670d\u52a1\u7aef\u79c1\u94a5<\/p>\n\n\n\n
public.crt: \u670d\u52a1\u7aef\u8bc1\u4e66<\/p>\n\n\n\n
req.csr: \u670d\u52a1\u7aef\u751f\u6210\u7684\u8bc1\u4e66\u8bf7\u6c42\u6587\u4ef6<\/p>\n\n\n\n
root-ca.crt: CA\u6839\u7684\u8bc1\u4e66<\/p>\n\n\n\n
root-ca.key: CA\u6839\u7684\u79c1\u94a5<\/p>\n\n\n\n
root-ca.srl: \u4e0a\u6b21\u9881\u53d1\u8bc1\u4e66\u7528\u5230\u7684\u8bc1\u4e66\u7f16\u53f7<\/p>\n","protected":false},"excerpt":{"rendered":"
\u5728 X.509 \u8bc1\u4e66\u4e2d\uff0ccommonName\uff08CN\uff09\u5b57\u6bb5\u53ea\u80fd\u6709\u4e00\u4e2a\u503c\u3002\u5982\u679c\u8ba9\u8bc1\u4e66\u652f\u6301\u591a\u4e2a\u57df\u540d\u548cIP\u5730\u5740\uff0c\u9700\u8981\u7528 […]<\/p>\n","protected":false},"author":1,"featured_media":450,"comment_status":"open","ping_status":"open","sticky":false,"template":"single-with-sidebar","format":"standard","meta":{"footnotes":""},"categories":[135,131],"tags":[439,202,440,441,438,437,435,436,185,434],"class_list":["post-1111","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","category-131","tag-ca","tag-openssl","tag-san","tag-subjectaltname","tag-438","tag-437","tag-435","tag-436","tag-185","tag-434"],"_links":{"self":[{"href":"https:\/\/www.madbull.site\/index.php?rest_route=\/wp\/v2\/posts\/1111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.madbull.site\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.madbull.site\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.madbull.site\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.madbull.site\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1111"}],"version-history":[{"count":11,"href":"https:\/\/www.madbull.site\/index.php?rest_route=\/wp\/v2\/posts\/1111\/revisions"}],"predecessor-version":[{"id":1143,"href":"https:\/\/www.madbull.site\/index.php?rest_route=\/wp\/v2\/posts\/1111\/revisions\/1143"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.madbull.site\/index.php?rest_route=\/wp\/v2\/media\/450"}],"wp:attachment":[{"href":"https:\/\/www.madbull.site\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.madbull.site\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.madbull.site\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}