【发布时间】:2015-09-18 22:25:24
【问题描述】:
有人知道常规 x509v3 证书与安全设备身份证书之间的区别吗?我知道对于设备身份证书,它们确实限制了您可以在某些字段中使用的内容(想到签名算法以及到期时间),并且 subjectName 对设备来说是唯一的,但还有什么不同。假设我要按如下方式生成证书:
$ openssl ecparam -out priv_key.pem -name secp384r1 -genkey
$ openssl req -new -key priv_key.pem -x509 -nodes -out cert.pem
然后我的证书看起来像这样:
$ openssl x509 -text -noout -in cert.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
86:d6:c2:8f:d0:66:0f:ba
Signature Algorithm: ecdsa-with-SHA1
Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
Validity
Not Before: Jul 1 16:15:55 2015 GMT
Not After : Jul 31 16:15:55 2015 GMT
Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:d3:05:98:9b:61:1e:91:22:5b:84:92:6f:09:d9:
ce:5b:cf:28:de:aa:2f:21:89:5f:95:92:48:7a:b9:
b1:13:84:21:bc:83:31:9c:45:63:c5:65:d6:80:79:
f8:53:40:55:c0:10:4a:0d:44:fb:a9:2f:de:2f:c7:
ea:44:d0:3f:88:05:0c:35:06:b8:f6:b9:e6:25:53:
f2:05:67:76:df:20:55:76:f8:be:8e:e8:9b:45:19:
e4:dc:9e:cf:62:d8:95
ASN1 OID: secp384r1
X509v3 extensions:
X509v3 Subject Key Identifier:
26:D0:6D:95:39:B4:08:E9:DD:B1:9C:3F:AD:76:42:61:0C:26:6B:5C
X509v3 Authority Key Identifier:
keyid:26:D0:6D:95:39:B4:08:E9:DD:B1:9C:3F:AD:76:42:61:0C:26:6B:5C
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: ecdsa-with-SHA1
30:65:02:30:09:e6:83:8b:63:f5:e0:00:df:91:92:92:24:b7:
62:bf:74:95:29:50:9d:12:f0:37:6a:7b:68:d6:13:df:86:8b:
b9:d9:b8:ed:9a:30:27:fe:21:2c:40:57:f6:29:93:04:02:31:
00:8a:68:50:23:56:56:8c:62:2d:01:c0:7c:b4:8d:68:11:6b:
80:96:c2:79:80:32:00:f1:16:d1:d0:5e:23:f3:c8:99:b8:86:
05:b1:99:20:04:67:6f:74:94:9e:f5:bc:45
此证书还需要添加哪些内容才能将其视为安全设备身份证书?
【问题讨论】:
标签: ssl certificate ssl-certificate x509certificate x509