可以参考如下命令
gmssl sm2keygen -pass 123456 -out cakey.pem -pubout capubkey.pem
gmssl certgen -C CN -ST HN -L CS -O XXX -OU dev -CN CA -days 3650 -key cakey.pem -key_usage keyCertSign -pass 123456 -out ca.crt
gmssl certparse -in ca.crt
###server sign
gmssl sm2keygen -pass 123456 -out s_signkey.pem -pubout s_signpubkey.pem
gmssl reqgen -C CN -ST HN -L CS -O XXX -OU dev -CN s_sign -days 3650 -key s_signkey.pem -pass 123456 -out s_signreq.pem
gmssl reqsign -in s_signreq.pem -days 3650 -key_usage digitalSignature -cacert ca.crt -key cakey.pem -pass 123456 -out s_sign.crt
gmssl certparse -in s_sign.crt
###server enc
gmssl sm2keygen -pass 123456 -out s_enckey.pem -pubout s_encpubkey.pem
gmssl reqgen -C CN -ST HN -L CS -O XXX -OU dev -CN s_enc -days 3650 -key s_enckey.pem -pass 123456 -out s_encreq.pem
gmssl reqsign -in s_encreq.pem -days 3650 -key_usage keyEncipherment -cacert ca.crt -key cakey.pem -pass 123456 -out s_enc.crt
gmssl certparse -in s_enc.crt
###client sign
gmssl sm2keygen -pass 123456 -out c_signkey.pem -pubout c_signpubkey.pem
gmssl reqgen -C CN -ST HN -L CS -O XXX -OU dev -CN c_sign -days 3650 -key c_signkey.pem -pass 123456 -out c_signreq.pem
gmssl reqsign -in c_signreq.pem -days 3650 -key_usage digitalSignature -cacert ca.crt -key cakey.pem -pass 123456 -out c_sign.crt
gmssl certparse -in c_sign.crt
###client enc
gmssl sm2keygen -pass 123456 -out c_enckey.pem -pubout c_encpubkey.pem
gmssl reqgen -C CN -ST HN -L CS -O XXX -OU dev -CN c_enc -days 3650 -key c_enckey.pem -pass 123456 -out c_encreq.pem
gmssl reqsign -in c_encreq.pem -days 3650 -key_usage keyEncipherment -cacert ca.crt -key cakey.pem -pass 123456 -out c_enc.crt
gmssl certparse -in c_enc.crt文章来源:https://www.toymoban.com/news/detail-707609.html
[-key_usage str]*
根据源码提示找到了,必须取下列值,一个或多个
static const char *x509_key_usages[] = {
"digitalSignature",
"nonRepudiation",
"keyEncipherment",
"dataEncipherment",
"keyAgreement",
"keyCertSign",
"cRLSign",
"encipherOnly",
"decipherOnly",
};文章来源地址https://www.toymoban.com/news/detail-707609.html
到了这里,关于GMSSL 3.0生成自签名证书的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!