OpenSSL: Add a custom field whose value is an object to a CSR
I want to add a custom object (JSON) attached to a custom field in a CSR. The configuration file I am using is:
[req]
distinguished_name = dn
req_extensions = v3_req
prompt = no
[v3_req]
basicConstraints = critical,CA:false
subjectKeyIdentifier = hash
keyUsage = critical,keyCertSign,cRLSign
subjectAltName = @alternate_names
1.2.3.4.5.6.7.8.1=ASN1:UTF8String:"{"attrs":{"admin":"true","hf.Affiliation":"org1.department1","hf.EnrollmentID":"user3","hf.Type":"client","myparam":"nitish"}}"
[alternate_names]
DNS.0 = SDK
[dn]
C="US"
ST="Illinois"
L="Chicago"
O="Some Company"
OU="peer"
0.OU="department1"
CN="12345"
Command:
openssl req -new -key user_pvt.key -out user.csr -config csr.conf -extensions v3_req
It generates the CSR file successfully. However, the requested extensions contain a custom parameter whose value is a string:
Requested Extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
0F:F0:72:0A:1D:7E:79:98:04:CE:62:05:65:4B:41:C5:DE:9F:E7:55
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Alternative Name:
DNS:SDK
1.2.3.4.5.6.7.8.1:
.h{attrs:{admin:true,hf.Affiliation:org1.department1,hf.EnrollmentID:user3,hf.Type:client,myparam:nitish}}
However, I need an object in 1.2.3.4.5.6.7.8.1, as shown below.
How do I add/specify this information in the csr.conf file to get this result?
1.2.3.4.5.6.7.8.1:
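{"attrs":{"admin":"true","hf.Affiliation":"org1.department1","hf.EnrollmentID":"user3","hf.Type":"client","myparam":"nitish"}}

You need to escape the double quotes in the JSON string. By the way: CA:false and keyCertSign,cRLSign? Also, note that the .h at the start of the display is the tag and length octets of the UTF8String encoding and does not indicate an error in the value. OpenSSL does not know the internal structure of non-standard extensions and does not try to decode them, even when they are as simple as this.

Do you know how to remove this prefix?

Actually, I found that, because it is a custom implementation, any notation can be used as long as it conforms to the syntax of the ASN1 extension format. Fabric uses 1.2.3.4.5.6.7.8.1 as the key for adding custom parameters (non-standard extensions) to digital certificates, because it is easy to remember and follows the ASN1 standard.
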
Requested Extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
0F:F0:72:0A:1D:7E:79:98:04:CE:62:05:65:4B:41:C5:DE:9F:E7:55
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Alternative Name:
DNS:SDK
1.2.3.4.5.6.7.8.1:
{"attrs":{"admin":"true","hf.Affiliation":"org1.department1","hf.EnrollmentID":"user3","hf.Type":"client","myparam":"nitish"}}
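
The `.h` prefix discussed in the comments above can be reproduced byte for byte. The following is an added example, not code from the original thread or from OpenSSL or Fabric: it DER-encodes the extension value as a UTF8String, shows where the two header octets come from, and parses the value back the way a relying party would before trusting the attributes. The function names and the `STORED`/`WANTED` samples are constructed here from the output shown on the page.

```python
import json

UTF8STRING_TAG = 0x0C  # ASN.1 universal tag 12

# Constructed from the page: the value as dumped (quotes lost) and as wanted.
STORED = ("{attrs:{admin:true,hf.Affiliation:org1.department1,"
          "hf.EnrollmentID:user3,hf.Type:client,myparam:nitish}}")
WANTED = ('{"attrs":{"admin":"true","hf.Affiliation":"org1.department1",'
          '"hf.EnrollmentID":"user3","hf.Type":"client","myparam":"nitish"}}')

def der_utf8string(text):
    """DER-encode text as UTF8String: tag octet, length octet(s), value."""
    body = text.encode("utf-8")
    if len(body) < 0x80:                      # short form: one length octet
        return bytes([UTF8STRING_TAG, len(body)]) + body
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([UTF8STRING_TAG, 0x80 | len(size)]) + size + body

def parse_utf8string(der):
    """Return the text inside a DER UTF8String, rejecting malformed headers."""
    if len(der) < 2 or der[0] != UTF8STRING_TAG:
        raise ValueError("not a UTF8String")
    length, offset = der[1], 2
    if length >= 0x80:                        # long form: next n octets hold the length
        n = length & 0x7F
        if n == 0 or len(der) < 2 + n or der[2] == 0:
            raise ValueError("invalid long-form length")
        length, offset = int.from_bytes(der[2:2 + n], "big"), 2 + n
        if length < 0x80:
            raise ValueError("non-minimal length encoding")
    if len(der) - offset != length:
        raise ValueError("length does not match value size")
    return der[offset:].decode("utf-8")

def text_dump(der):
    """Show raw octets the way a text dump does: non-printable bytes become '.'."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in der)

def attrs_from_extension(der):
    """Strip the DER header, then parse the JSON payload and return its attrs."""
    return json.loads(parse_utf8string(der))["attrs"]

if __name__ == "__main__":
    print(text_dump(der_utf8string(STORED))[:9])   # header octets 0x0C 0x68, then the text
    print(text_dump(der_utf8string(WANTED))[:10])
    print(attrs_from_extension(der_utf8string(WANTED)))
```

The prefix is part of the encoding and cannot be removed from the extension itself; a consumer strips it by parsing the TLV header, as `parse_utf8string` does, and the first two characters of the dump change with the length of the value.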