我正在开发一个编程项目,其中包含一个创建证书签名请求的bash脚本.
给我带来麻烦的是:
openssl req -new -nodes -sha256 -newkey rsa:2048 -keyout example.com.key -out example.com.csr -subj "/CN=example.com/emailAddress=webmaster@example.com/O=MyOrganization/OU=MyUnit/C=US/ST=AR/L=Fayetteville"
几乎所有属性看起来都很棒,但由于某些可怕的原因,openssl将emailAddress行与网络名称进行网格划分,这导致浏览器中的证书问题无效.
openssl req -text -noout -verify -in example.com.csr
Run Code Online (Sandbox Code Playgroud)verify OK Certificate Request: Data: Version: 0 (0x0) Subject: CN=example.com/emailAddress=webmaster@example.com, O=MyOrganization, OU=MyUnit, C=US, ST=AR, L=Fayetteville
注意它是如何将它们混合在一起的:
Run Code Online (Sandbox Code Playgroud)CN=example.com/emailAddress=webmaster@example.com
我希望它能识别出不同的属性:
Run Code Online (Sandbox Code Playgroud)CN=example.com, emailAddress=webmaster@example.com
Jef*_*ett 22
如果我首先列出emailAddress属性,
openssl req -new -nodes -sha256 -newkey rsa:2048 -keyout example.com.key -out example.com.csr -subj "/emailAddress=webmaster@example.com/CN=example.com/O=MyOrganization/OU=MyUnit/C=US/ST=AR/L=Fayetteville"
然后它似乎能够区分它就好了.
openssl req -text -noout -verify -in example.com.csr
Run Code Online (Sandbox Code Playgroud)verify OK Certificate Request: Data: Version: 0 (0x0) Subject: emailAddress=webmaster@example.com, CN=example.com, O=MyOrganization, OU=MyUnit, C=US, ST=AR, L=Fayetteville
| 归档时间: |
|
| 查看次数: |
11384 次 |
| 最近记录: |