ECC publickey, SHA384 signature hash algorithm.

openssl ecparam -genkey -name secp384r1 -out private/cakey.pem
openssl req -new -sha384 -x509 -key private/cakey.pem -out cacert.pem
openssl ecparam -genkey -name secp384r1 -out feng.cmd.gd.key
openssl req -new -sha256 -key feng.cmd.gd.key -out feng.cmd.gd.csr
openssl ca -in nginx.csr -out nginx.crt

SAN

openssl req -new -sha256 \
    -key feng.cmd.gd.key \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=UnitedStack/OU=Devops/CN=www.ustack.com" \
    -reqexts SAN \
    -config <(cat /etc/pki/tls/openssl.cnf \
        <(printf "[SAN]\nsubjectAltName=DNS:www.ustack.in,DNS:www.test.ustack.com")) \
    -out ustack.csr
openssl ca -in ustack.csr \
    -extensions SAN \
    -config <(cat /etc/pki/tls/openssl.cnf \
        <(printf "[SAN]\nsubjectAltName=DNS:www.ustack.in,DNS:www.test.ustack.com")) \ 
    -out ustack.crt
openssl x509 -noout -fingerprint -sha256 -inform pem -in cacert.pem
openssl x509 -noout -fingerprint -sha1 -inform pem -in cacert.pem

https://social.technet.microsoft.com/Forums/ie/en-US/9543cd5b-c3b3-4d13-a9c4-46b97f2c6c18/signature-algorithm-shows-quotsha256quot-but-thumbprint-algorithm-still-says-quotsha1quot

标签: none

添加新评论