正在提取证书部分以使用OpenSSL对文件进行签名

正在提取证书部分以使用OpenSSL对文件进行签名,ssl,openssl,code-signing,code-signing-certificate,signtool,Ssl,Openssl,Code Signing,Code Signing Certificate,Signtool,我希望使用以下命令对.mobileconfig文件进行签名: openssl smime \ -sign \ -signer your-cert.pem \ -inkey your-priv-key.pem \ -certfile TheCertChain.pem \ -nodetach \ -outform der \ -in ConfigProfile.mobileconfig \ -out ConfigProfile_signed.mobileconfig 我有一个请求并安装在我的机器上

我希望使用以下命令对.mobileconfig文件进行签名:

openssl smime \
-sign \
-signer your-cert.pem \
-inkey your-priv-key.pem \
-certfile TheCertChain.pem \
-nodetach \
-outform der \
-in ConfigProfile.mobileconfig \
-out ConfigProfile_signed.mobileconfig
我有一个请求并安装在我的机器上的SSL证书,以及一个请求并安装在我的机器上的代码签名证书

现在,我应该使用哪种证书(代码签名还是SSL?),以及如何获得
your-cert.pem
priv-key.pem
TheCertChain.pem
文件

再次访问GoDaddy只会给我一个.pem文件,我甚至不知道它是哪一个

从godaddy运行.pem上的
openssl x509-in godaddy.pem-notify pem-noout-text
,给出以下信息:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
        Validity
            Not Before: Jun 29 17:06:20 2004 GMT
            Not After : Jun 29 17:06:20 2034 GMT
        Subject: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:de:9d:d7:ea:57:18:49:a1:5b:eb:d7:5f:48:86:
                    ea:be:dd:ff:e4:ef:67:1c:f4:65:68:b3:57:71:a0:
                    ****REMOVED FOR BREVITY****
                    58:c6:44:7b:0a:3e:62:28:5f:ba:41:07:53:58:cf:
                    11:7e:38:74:c5:f8:ff:b5:69:90:8f:84:74:ea:97:
                    1b:af
                Exponent: 3 (0x3)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                D2:C4:****REMOVED FOR BREVITY****:A8:6A:D4:E3
            X509v3 Authority Key Identifier: 
                keyid:D2:C4:****REMOVED FOR BREVITY****D:A8:6A:D4:E3
                DirName:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
                serial:00

            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
         32:4b:f3:b2:ca:3e:91:fc:12:c6:a1:07:8c:8e:77:a0:33:06:
         14:5c:90:1e:18:f7:08:a6:3d:0a:19:f9:87:80:11:6e:69:e4:
         96:17:30:ff:34:91:63:72:38:ee:cc:1c:01:a3:1d:94:28:a4:
         ****REMOVED FOR BREVITY****
         10:43:a6:a5:9e:0a:d5:95:62:9a:0d:cf:88:82:c5:32:0c:e4:
         2b:9f:45:e6:0d:9f:28:9c:b1:b9:2a:5a:57:ad:37:0f:af:1d:
         7f:db:bd:9f

您需要使用私钥、证书和链进行签名

your-cert.pem
是GoDaddy发给您的证书

您的私钥。pem
是您在钥匙链或命令行上生成的私钥,用于创建CSR

pem是GoDaddy的证书链,你可以在他们的网站上找到


仅供参考,下面是我如何用Ruby签署.mobileconfig的示例代码

您的编程问题是什么?运行命令
openssl x509-in godaddy.pem-inform pem-noout-text
-这将告诉您godaddy在他们给您的.pem中包含了什么。要么在私人指纹模糊的情况下发布结果,要么用更多细节更新你的答案。我已经发布了这个。我应该运行什么命令来提取
your-cert.pem
priv-key.pem