Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/shell/5.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
OpenSSL:将值作为对象的自定义字段添加到CSR_Openssl_X509certificate_Asn.1_Csr - Fatal编程技术网
Fatal编程技术网
  • openssl/
  • OpenSSL:将值作为对象的自定义字段添加到CSR

OpenSSL:将值作为对象的自定义字段添加到CSR

openssl

OpenSSL:将值作为对象的自定义字段添加到CSR,openssl,x509certificate,asn.1,csr,Openssl,X509certificate,Asn.1,Csr,我想在CSR中添加一个附加到自定义字段的自定义对象(JSON)。我正在使用的配置文件是 [req] distinguished_name = dn req_extensions = v3_req prompt = no [v3_req] basicConstraints = critical,CA:false subjectKeyIdentifier = hash keyUsage = critical,keyCertSign,cRLSign subjectAltName = @altern

我想在CSR中添加一个附加到自定义字段的自定义对象(JSON)。我正在使用的配置文件是

[req]
distinguished_name = dn
req_extensions  = v3_req
prompt = no

[v3_req]
basicConstraints = critical,CA:false
subjectKeyIdentifier = hash
keyUsage = critical,keyCertSign,cRLSign
subjectAltName = @alternate_names
1.2.3.4.5.6.7.8.1=ASN1:UTF8String:"{"attrs":{"admin":"true","hf.Affiliation":"org1.department1","hf.EnrollmentID":"user3","hf.Type":"client","myparam":"nitish"}}"

[alternate_names]
DNS.0 = SDK

[dn]
C="US"
ST="Illinois"
L="Chicago"
O="Some Company"
OU="peer"
0.OU="department1"
CN="12345"
命令:

openssl req -new -key user_pvt.key -out user.csr -config csr.conf -extensions v3_req
它成功地生成了CSR文件。但是,请求扩展有一个自定义参数,其值为字符串

Requested Extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                0F:F0:72:0A:1D:7E:79:98:04:CE:62:05:65:4B:41:C5:DE:9F:E7:55
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Alternative Name: 
                DNS:SDK
            1.2.3.4.5.6.7.8.1: 
                .h{attrs:{admin:true,hf.Affiliation:org1.department1,hf.EnrollmentID:user3,hf.Type:client,myparam:nitish}}
但是,我需要在1.2.3.4.5.6.7.8.1中添加一个对象,如下所示:

如何在csr.conf文件中添加/指定此信息以获得此结果

1.2.3.4.5.6.7.8.1:
{“attrs”:{“admin”:“true”,“hf.Affiliation”:“org1.department1”,“hf.EnrolmentId”:“user3”,“hf.Type”:“client”,“myparam”:“nitish”}

您需要在JSON字符串中转义双引号。顺便说一句:
CA:false
keyCertSign,cRLSign
?另外,请注意,显示开始处的
.h
是UTF8STRING编码的标记和长度八位字节,并不表示值中存在错误。OpenSSL不知道非标准扩展的内部结构,也不尝试对它们进行解码,即使它们像这样简单。你知道如何删除这个前缀吗?事实上,我发现,因为它是一个自定义实现,只要它符合ASN1扩展格式的语法,就可以使用任何符号。Fabric使用1.2.3.4.5.6.7.8.1作为密钥,用于在数字证书中添加自定义参数(非标准扩展),因为它易于记忆,并且遵循ASN1标准。 
Requested Extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                0F:F0:72:0A:1D:7E:79:98:04:CE:62:05:65:4B:41:C5:DE:9F:E7:55
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Alternative Name: 
                DNS:SDK
            1.2.3.4.5.6.7.8.1: 
                {"attrs":{"admin":"true","hf.Affiliation":"org1.department1","hf.EnrollmentID":"user3","hf.Type":"client","myparam":"nitish"}}