client/req.cnf文件内容:
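[req]
# Take the subject from the [dn] section below instead of prompting for it.
prompt = no
distinguished_name = dn
# The key created by `gmssl ecparam -genkey` in this walkthrough is written
# unencrypted, so no input password is needed to read it. A fixed, guessable
# password kept in this file would protect nothing if the key were encrypted
# later; supply the password at run time (interactive prompt or -passin).
#input_password = 123456

[dn]
# Placeholder subject values: replace each one with the real organization,
# unit(s), e-mail address and user name before generating the request.
O = 企业名称
# A numeric prefix lets the same field (OU) appear more than once.
1.OU = 部门名称1
2.OU = 部门名称2
emailAddress = 邮箱地址
CN = 用户名称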
client/x509.cnf文件内容:
# Default (unnamed) section: names the section whose extensions are applied
# when this file is passed to `gmssl x509 -extfile`.
extensions = ext
[ext]
# Extensions copied into the certificate by `gmssl x509 -extfile`.
# End-entity certificate: it must not be accepted as an issuer of other certificates.
basicConstraints = CA:FALSE
# NOTE(review): one certificate is permitted here for signing, non-repudiation
# and key encipherment; confirm that combining them is intended. Deployments
# that keep separate signing and encryption certificates would split this list.
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# Alternative inline forms of subjectAltName, kept for reference:
#subjectAltName = otherName:1.3.6.1.4.1.311.20.2.3;UTF8:名称
#subjectAltName = DNS:www.feistyduck.com,DNS:feistyduck.com
# "@alt_names" takes the individual entries from the [alt_names] section below.
subjectAltName = @alt_names
[alt_names]
# Example entries; uncomment only the names this certificate should really carry.
#DNS.1 = www.foo.com
#DNS.2 = www.bar.org
#IP.1 = 192.168.1.1
#IP.2 = 192.168.69.144
# (constructed example address)
#email = user@example.com
# 1.3.6.1.4.1.311.20.2.3 is the Microsoft User Principal Name (UPN) OID.
# A relying party that maps certificates to accounts by UPN will act on this
# value, so it must be the holder's real account name; because the certificate
# is self-signed, nothing but the relying party's own trust decision vouches for it.
otherName = 1.3.6.1.4.1.311.20.2.3;UTF8:名称
证书生成完整命令
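# Generate the SM2 private key. The key file is written unencrypted, so it is
# created under a restrictive umask (in a subshell, so later files are not
# affected) to keep it readable by its owner only.
(umask 077 && gmssl ecparam -genkey -name sm2p256v1 -out client/client-key.pem)
# Create the certificate request from client/req.cnf
gmssl req -utf8 -new -config client/req.cnf -key client/client-key.pem -out client/client-req.csr
# Inspect the request (optional)
gmssl req -text -in client/client-req.csr -noout
# Self-sign the certificate with SM3. No CA vouches for a self-signed
# certificate, so each relying party has to be configured to trust this exact
# certificate. -days 3650 keeps it valid for ten years; plan how it will be
# replaced everywhere it is trusted if the key is ever exposed.
gmssl x509 -req -in client/client-req.csr -out client/client-cert.pem -extfile client/x509.cnf -sm3 -signkey client/client-key.pem -days 3650
# Check the certificate (optional): confirm the subject, key usage and
# subjectAltName are what was intended.
gmssl x509 -text -in client/client-cert.pem -noout
# Export certificate and private key as PKCS#12. The command prompts for an
# export password; the .p12 contains the private key, so choose a strong
# password and handle the file like the key itself.
gmssl pkcs12 -export -clcerts -in client/client-cert.pem -inkey client/client-key.pem -out client/client.p12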