1

I want to sign a .mobileconfig file using the following command:

openssl smime \
-sign \
-signer your-cert.pem \
-inkey your-priv-key.pem \
-certfile TheCertChain.pem \
-nodetach \
-outform der \
-in ConfigProfile.mobileconfig \
-out ConfigProfile_signed.mobileconfig

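I have an SSL certificate that was requested and installed on my machine, and a code signing certificate that was requested and installed on my machine.

Now which certificate should I use (code signing or SSL?), and how do I get the your-cert.pem, your-priv-key.pem and TheCertChain.pem files?

Going to GoDaddy again only gives me one .pem file, and I don't even know which one it is.

Running openssl x509 -in godaddy.pem -inform pem -noout -text on GoDaddy's .pem gives the following result: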

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
        Validity
            Not Before: Jun 29 17:06:20 2004 GMT
            Not After : Jun 29 17:06:20 2034 GMT
        Subject: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:de:9d:d7:ea:57:18:49:a1:5b:eb:d7:5f:48:86:
                    ea:be:dd:ff:e4:ef:67:1c:f4:65:68:b3:57:71:a0:
                    ****REMOVED FOR BREVITY****
                    58:c6:44:7b:0a:3e:62:28:5f:ba:41:07:53:58:cf:
                    11:7e:38:74:c5:f8:ff:b5:69:90:8f:84:74:ea:97:
                    1b:af
                Exponent: 3 (0x3)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                D2:C4:****REMOVED FOR BREVITY****:A8:6A:D4:E3
            X509v3 Authority Key Identifier: 
                keyid:D2:C4:****REMOVED FOR BREVITY****D:A8:6A:D4:E3
                DirName:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
                serial:00

            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
         32:4b:f3:b2:ca:3e:91:fc:12:c6:a1:07:8c:8e:77:a0:33:06:
         14:5c:90:1e:18:f7:08:a6:3d:0a:19:f9:87:80:11:6e:69:e4:
         96:17:30:ff:34:91:63:72:38:ee:cc:1c:01:a3:1d:94:28:a4:
         ****REMOVED FOR BREVITY****
         10:43:a6:a5:9e:0a:d5:95:62:9a:0d:cf:88:82:c5:32:0c:e4:
         2b:9f:45:e6:0d:9f:28:9c:b1:b9:2a:5a:57:ad:37:0f:af:1d:
         7f:db:bd:9f
4

1 Answer

0

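You need to sign with your private key, your certificate, and the chain.

your-cert.pem is the certificate GoDaddy issued to you.

your-priv-key.pem is the private key you generated in Keychain or on the command line to create the CSR.

TheCertChain.pem is GoDaddy's certificate chain, which you can find on their website.

FYI, here is sample code showing how I sign a .mobileconfig in Ruby: https://github.com/AppBlade/TestHub/blob/master/app/controllers/devices_controller.rb#L31

Answered 2014-10-18T21:21:21.410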
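The dump in the question shows Basic Constraints CA:TRUE with an identical Issuer and Subject, which marks a CA certificate: chain material rather than a signer certificate. The following is an added example, not code from the answer or the linked project, that tells the two kinds of PEM apart, confirms that a private key belongs to a certificate, and signs and verifies a profile with the question's command. The function names, the throwaway root and signer, and the sample profile are constructed for illustration, and it assumes the OpenSSL 1.1.1 or later command line.

```shell
# Added example: classify PEM certificates, match key to certificate, then sign
# and verify a profile. All keys, certificates and the profile are constructed.

# Prints "ca" if the PEM certificate asserts Basic Constraints CA:TRUE, else "leaf".
cert_role() {
  if openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; then echo ca; else echo leaf; fi
}

# Succeeds only if the private key and the certificate carry the same public key.
key_matches_cert() {
  [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# sign_profile CERT KEY CHAIN IN OUT: the command from the question, parameterised.
sign_profile() {
  openssl smime -sign -signer "$1" -inkey "$2" -certfile "$3" \
    -nodetach -outform der -in "$4" -out "$5"
}

# verify_profile SIGNED TRUSTED_ROOT OUT: checks signature and chain, extracts the payload.
verify_profile() {
  openssl smime -verify -inform der -in "$1" -CAfile "$2" -out "$3" 2>/dev/null
}

# Builds a throwaway root, a signer certificate and a sample profile in directory $1.
make_fixture() {
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test Root
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/ca.cnf" \
    -keyout "$1/ca.key" -out "$1/TheCertChain.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=Constructed Signer" \
    -keyout "$1/your-priv-key.pem" -out "$1/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/TheCertChain.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/your-cert.pem" 2>/dev/null
  printf '<?xml version="1.0"?><plist version="1.0"><dict/></plist>\n' \
    > "$1/ConfigProfile.mobileconfig"
}

# Demo run on the constructed fixture.
d=$(mktemp -d) && make_fixture "$d"
echo "TheCertChain.pem=$(cert_role "$d/TheCertChain.pem") your-cert.pem=$(cert_role "$d/your-cert.pem")"
```

Running cert_role and key_matches_cert on real files before signing catches the two common mix-ups: passing a CA certificate as -signer, and pairing a certificate with a key from a different CSR.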