A complete OpenSSL certificate set: configuration files and certificate issuance
dn-param and extend configuration files
CA dn-param and extend
The contents of CI-csr.cnf are as follows:

    #openssl x509 extfile params
    extensions = extend
    # This prevents the user from being prompted for values
    prompt = no
    distinguished_name = dn-param
    [dn-param]
    # DN fields
    CN = GSMA Test CI
    OU = TESTCERT
    O = RSPTEST
    C = IT
    # Extensions for the Test CI
    [extend]
    # openssl extensions
    subjectKeyIdentifier = hash
    basicConstraints = critical, CA:true
    certificatePolicies=critical,2.23.146.1.2.1.0
    keyUsage =critical, keyCertSign, cRLSign
    subjectAltName = RID:2.999.1
    crlDistributionPoints=URI:http://ci.test.gsma.com/CRL-A.crl, URI:http://ci.test.gsma.com/CRL-B.crl

EUM
EUM dn-param
The contents of EUM-csr.cnf are as follows:

    # openssl EUM certificate request configuration file
    [req]
    prompt = no
    distinguished_name = dn-name
    [dn-name]
    countryName = DE
    organizationName = RSP Test EUM
    commonName = EUM Test

EUM extend
The contents of EUM-ext.cnf are as follows:

    # openssl EUM certificate creation configuration file
    # 2017-01-31
    authorityKeyIdentifier=keyid, issuer
    subjectKeyIdentifier=hash
    keyUsage=critical, keyCertSign
    certificatePolicies=critical,2.23.146.1.2.1.2 #OID id-rspRole-eum
    subjectAltName=RID:2.999.5
    basicConstraints=critical,CA:TRUE, pathlen:0
    crlDistributionPoints=URI:http://ci.test.gsma.com/CRL-B.crl
    nameConstraints=critical,DER:30:32:A0:30:30:2E:A4:2C:30:2A:31:15:30:13:06:03:55:04:0A:0C:0C:52:53:50:20:54:65:73:74:20:45:55:4D:31:11:30:0F:06:03:55:04:05:13:08:38:39:30:34:39:30:33:32

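
The nameConstraints value in EUM-ext.cnf is given only as raw DER, so what the EUM CA is actually restricted to is not visible from the file. The Python below is an added example, not part of the original page or of any GSMA tooling: it decodes that value with a minimal TLV reader and checks the subject from the eUICC request configuration further down this page against it. The function names are hypothetical, and the prefix comparison on serialNumber is an assumption about how the constraint is meant to be applied, not OpenSSL's standard directoryName matching.

```python
# Constructed input: the nameConstraints DER value from EUM-ext.cnf on this page.
NAME_CONSTRAINTS_DER = ("30:32:A0:30:30:2E:A4:2C:30:2A:31:15:30:13:06:03:55:04:0A:0C:0C:"
                        "52:53:50:20:54:65:73:74:20:45:55:4D:31:11:30:0F:06:03:55:04:05:"
                        "13:08:38:39:30:34:39:30:33:32")
# Subject fields from the eUICC request configuration on this page.
EUICC_SUBJECT = {"O": "RSP Test EUM", "serialNumber": "89049032123451234512345678901235"}
ATTR_NAMES = {b"\x55\x04\x0a": "O", b"\x55\x04\x05": "serialNumber"}  # OIDs 2.5.4.10, 2.5.4.5

def children(value):
    """Split DER content into (tag, value) pairs; definite lengths only."""
    out, pos = [], 0
    while pos < len(value):
        if len(value) - pos < 2:
            raise ValueError("truncated DER header")
        tag, length, pos = value[pos], value[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(value[pos:pos + n], "big"), pos + n
        if pos + length > len(value):
            raise ValueError("truncated DER element")
        out.append((tag, value[pos:pos + length]))
        pos += length
    return out

def permitted_subtrees(der_hex):
    """Return each permitted directoryName subtree as {attribute: value}."""
    top = children(bytes.fromhex(der_hex.replace(":", "")))
    if len(top) != 1 or top[0][0] != 0x30:
        raise ValueError("expected exactly one DER SEQUENCE")
    names = []
    for tag, subtrees in children(top[0][1]):
        if tag != 0xA0:  # [0] permittedSubtrees; other fields are skipped here
            continue
        for _, subtree in children(subtrees):  # each GeneralSubtree
            base_tag, base = children(subtree)[0]
            if base_tag != 0xA4:  # [4] directoryName
                continue
            name = {}
            for _, rdn in children(children(base)[0][1]):  # RDNSequence of SETs
                for _, atv in children(rdn):  # SEQUENCE {type, value}
                    (_, oid), (_, val) = children(atv)
                    name[ATTR_NAMES.get(oid, oid.hex())] = val.decode("utf-8")
            names.append(name)
    return names

def subject_permitted(subject, subtrees):
    """Assumed rule: O must be equal; serialNumber is compared as a prefix."""
    return any(subject.get("O") == s.get("O")
               and subject.get("serialNumber", "").startswith(s.get("serialNumber", ""))
               for s in subtrees)
```

The decoded subtree is O = RSP Test EUM with serialNumber = 89049032, which is the organization and the leading digits of the serialNumber used in the eUICC request configuration.
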
AUTH
DP auth dn-param
DSauth-csr.cnf:

    #openssl x509 extfile params
    extensions = extend
    # This prevents the user from being prompted for values
    prompt = no
    distinguished_name = dn-param
    [dn-param]
    # DN fields
    O = ACME
    CN = TEST SM-DP+
    [extend]
    # openssl extensions

DP auth extend
DSauth-ext.cnf:

    # openssl x509 extfile params
    extensions = extend
    # This prevents the user from being prompted for values
    prompt = no
    [extend]
    # openssl extensions
    authorityKeyIdentifier=keyid,issuer
    subjectKeyIdentifier=hash
    subjectAltName = RID:2.999.10
    keyUsage =critical, digitalSignature
    certificatePolicies=critical,2.23.146.1.2.1.4
    crlDistributionPoints=URI:http://ci.test.gsma.com/CRL-A.crl, URI:http://ci.test.gsma.com/CRL-B.crl

TLS
TLS dn-param
CERT_S_SM_DP_TLS.csr.cnf:

    [ req ]
    prompt = no
    distinguished_name = req_distinguished_name
    [ req_distinguished_name ]
    O = myo
    # shall be aligned with SGP.23 value #TEST_DP_ADDRESS1
    CN = xxx.xxx.com

TLS extend
CERT_S_SM_DP_TLS.ext.cnf

    ######################################################################################################################################################################
    # Extensions for a DPTLS
    keyUsage = critical, digitalSignature
    extendedKeyUsage = critical, serverAuth, clientAuth
    certificatePolicies = 2.23.146.1.2.1.3
    subjectKeyIdentifier = hash
    authorityKeyIdentifier = keyid:always,issuer
    # RID shall be aligned with SGP.23 value SM-DP+OID
    # DNS name shall be aligned with SGP.23 value #TEST_DP_ADDRESS1
    subjectAltName = DNS:testsmdpplus1.gsma.com, RID:2.999.10
    crlDistributionPoints=URI:http://ci.test.gsma.com/CRL-A.crl, URI:http://ci.test.gsma.com/CRL-B.crl

euicc
euicc dn-param

    # openssl-eUICC.cnf
    #
    # use: openssl req -new -nodes -sha256 -config eUICC-csr.cnf -key euiccPrKey.pem -out eUICC.csr
    #
    [req]
    prompt = no
    distinguished_name = dn-name
    [dn-name]
    countryName = DE
    organizationName = RSP Test EUM
    serialNumber = 89049032123451234512345678901235
    commonName = Test eUICC

euicc extend

    #eUICC certificate creation configuration
    #
    # use openssl x509 -req -in eUICC.csr -CA ..EUM-cert.pem -CAkey ..eumPrivKey.pem -set_serial 0x020000000000000001 -days 2915731 -sha256 -extfile euicc-ext.cnf -out eUICC-cert.pem
    #
    authorityKeyIdentifier=keyid
    subjectKeyIdentifier=hash
    keyUsage = critical, digitalSignature
    certificatePolicies=critical,2.23.146.1.2.1.1 #OID id-rspRole-e