openssl3.2/test/certs - 053 - Name constraints subordinate CA. Adds

2024-01-25 14:20

本文主要是介绍openssl3.2/test/certs - 053 - Name constraints subordinate CA. Adds,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

文章目录

    • openssl3.2/test/certs - 053 - Name constraints subordinate CA. Adds
    • 概述
    • 笔记
    • END

openssl3.2/test/certs - 053 - Name constraints subordinate CA. Adds

概述

openssl3.2 - 官方demo学习 - test - certs

笔记

/*!
* \file D:\my_dev\my_local_git_prj\study\openSSL\test_certs\053\my_openssl_linux_doc_053.txt
* \note openssl3.2/test/certs - 053 - Name constraints subordinate CA. Adds
*/// --------------------------------------------------------------------------------
// official bash script
// --------------------------------------------------------------------------------
#! /bin/bash# \file setup053.sh# openssl3.2/test/certs - 053 - Name constraints subordinate CA. Adds
# Name constraints subordinate CA. Adds www.good.net (which should be
# disallowed because parent CA doesn't permit it) adds ok.good.com
# (which should be allowed because parent allows *.good.com
# and now excludes bad.ok.good.com (allowed in permitted subtrees
# but explicitly excluded).NC="permitted;DNS:www.good.net, permitted;DNS:ok.good.com, "
NC="$NC excluded;DNS:bad.ok.good.com"
NC=$NC ./mkcert.sh genca "Test NC sub CA" ncca3-key ncca3-cert \ncca1-key ncca1-cert// --------------------------------------------------------------------------------
// openssl cmd line parse
// --------------------------------------------------------------------------------
// cmd 1
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out ncca3-key.pem // cmd 2
// cfg_exp053_cmd2.txt
string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = Test NC sub CAopenssl req -new -sha256 -key ncca3-key.pem -config cfg_exp053_cmd2.txt -out req_exp053_cmd2.pem// cmd 3
// cfg_exp053_cmd3.txt
basicConstraints = critical,CA:true
keyUsage = keyCertSign,cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
nameConstraints = permitted;DNS:www.good.net, permitted;DNS:ok.good.com,  excluded;DNS:bad.ok.good.comopenssl x509 -req -sha256 -out ncca3-cert.pem -extfile cfg_exp053_cmd3.txt -CA ncca1-cert.pem -CAkey ncca1-key.pem -set_serial 2 -days 36525 -in req_exp053_cmd2.pem// --------------------------------------------------------------------------------
// openssl log
// --------------------------------------------------------------------------------openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out ncca3-key.pem 
openssl req -new -sha256 -key ncca3-key.pem -config /dev/fd/63 -config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txtstring_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = Test NC sub CA
openssl x509 -req -sha256 -out ncca3-cert.pem -extfile /dev/fd/63 -CA ncca1-cert.pem -CAkey ncca1-key.pem -set_serial 2 -days 36525 -extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txtbasicConstraints = critical,CA:true
keyUsage = keyCertSign,cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
nameConstraints = permitted;DNS:www.good.net, permitted;DNS:ok.good.com,  excluded;DNS:bad.ok.good.com

END

这篇关于openssl3.2/test/certs - 053 - Name constraints subordinate CA. Adds的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!



http://www.chinasem.cn/article/643539

相关文章

论文翻译:ICLR-2024 PROVING TEST SET CONTAMINATION IN BLACK BOX LANGUAGE MODELS

PROVING TEST SET CONTAMINATION IN BLACK BOX LANGUAGE MODELS https://openreview.net/forum?id=KS8mIvetg2 验证测试集污染在黑盒语言模型中 文章目录 验证测试集污染在黑盒语言模型中摘要1 引言 摘要 大型语言模型是在大量互联网数据上训练的,这引发了人们的担忧和猜测,即它们可能已

Golang test编译使用

创建文件my_test.go package testsimport "testing"func TestMy(t *testing.T) {t.Log("TestMy")} 通常用法: $ go test -v -run TestMy my_test.go=== RUN TestMyTestMy: my_test.go:6: TestMy--- PASS: TestMy (0.

JavaScript正则表达式六大利器:`test`、`exec`、`match`、`matchAll`、`search`与`replace`详解及对比

在JavaScript中,正则表达式(Regular Expression)是一种用于文本搜索、替换、匹配和验证的强大工具。本文将深入解析与正则表达式相关的几个主要执行方法:test、exec、match、matchAll、search和replace,并对它们进行对比,帮助开发者更好地理解这些方法的使用场景和差异。 正则表达式基础 在深入解析方法之前,先简要回顾一下正则表达式的基础知识。正则

mybatis if test 之 0当做参数传入出问题

首先前端传入了参数 if(StringUtils.isNotBlank(status)){requestParam.setProperty("status", Integer.parseInt(status));}List<SuperPojo> applicationList = groupDao.getApplicationListByReviewStatusAndMember(req

js正则表达式test方法的问题

今天在网上碰到一个帖子,写了一个关于Regex的奇怪现象,(文章来源http://www.php100.com/html/webkaifa/javascript/2007/0109/1866.html) 代码如下 <script type="text/javascript"><!--var re = /^\d+(?:\.\d)?$/ig; alert(re.test('112.3'

c:if test=/c:if如何判断空(使用例子)

userName是登录的时候放到session中了 <c:if test="${ not empty userName }">这表示userName判断不为null `<c:if test="${empty userName }"> ` 这表示userName判断为null 使用案例 <c:if test="${ not empty userName }"><ul><li><a

[UVM]6.component driver monitor sequencer agent scoreboard env test

1.知识点回顾 (1)component需要有parent,因为参加构成组件,所以需要(继承); (2)object与component之间间隔report_object。 2.组件家族 (1)构建寄存器模型 :uvm_reg_predictor;激励器:driver/random_stimulus/sequencer_base/sequencer;监测器:monitor;

shell脚本编写之test命令

test命令用于测试某个条件是否成立,它可以进行数值、字符和文件三个方面的测试。 在shell文件中输入命令,通过特定的参数可以对数值、字符串进行比较,如下参数及示例。 1、数值比较参数 举例,在myshell.sh脚本中加入如下内容,将两个变量值进行比较: 执行结果: 2、字符串比较参数 举例,在myshell.sh中添加如下内容,进行变量值比较: 执行结果如下

openssl之数字证书签名,CA认证原理及详细操作

http://blog.sina.com.cn/s/blog_cfee55a70102wn3h.html openssl之数字证书签名,CA认证原理及详细操作   (2016-03-23 09:42:39) 转载▼ 标签:  rsa   ca认证   php签名   非对称加密技术 分类: 软件设计 1 公钥密码体系(Public-key Crypt

Tensorflow 中train和test的batchsize不同时, 如何设置: tf.nn.conv2d_transpose

大家可能都知道, 在tensorflow中, 如果想实现测试时的batchsize大小随意设置, 那么在训练时, 输入的placeholder的shape应该设置为[None, H, W, C]. 具体代码如下所示: # Placeholders for input data and the targetsx_input = tf.placeholder(dtype=tf.float32, s