我正在用 python2 和 pyOpensSSL 编写一个测试夹具,它本质上是一个 SSL 工厂。此文本夹具创建自己的 CA 证书和密钥,然后创建由该 CA 签名的证书。
目前,我无法使用 openssl verify 验证证书。这就是我得到的:
server.pem: OU = Hosting Platform CA Testing, CN = test.com
error 7 at 0 depth lookup:certificate signature failure
139891057788744:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
139891057788744:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:797:
139891057788744:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:221:
CA 的密钥以及证书的生成方式如下:
def createKey(self):
self.key = OpenSSL.crypto.PKey()
self.key.generate_key(OpenSSL.crypto.TYPE_RSA, self.bits)
我已经为证书和颁发者 CA 证书验证了、-subject
和-subject-hash
:-issuer
-issuer-hash
server.pem:
subject= /OU=Hosting Platform CA Testing/CN=test.com
e209e907
issuer= /C=US/ST=Arizona/L=Gilbert/O=GoDaddy Hosting Platform/OU=Hosting Platform CA Testing/CN=ca.reveller.me
f04ea969
/etc/pki/tls/certs/f04ea969.0:
subject= /C=US/ST=Arizona/L=Gilbert/O=GoDaddy Hosting Platform/OU=Hosting Platform CA Testing/CN=ca.reveller.me
f04ea969
issuer= /C=US/ST=Arizona/L=Gilbert/O=GoDaddy Hosting Platform/OU=Hosting Platform CA Testing/CN=ca.reveller.me
f04ea969
我正在使用 X509v3 扩展并验证了密钥标识符哈希以确保它们匹配:
server.pem:
X509v3 Subject Key Identifier:
12:A1:CF:8A:FE:4C:BF:AD:3B:7D:1E:5F:8B:9B:B3:49:0E:D8:9D:91
X509v3 Authority Key Identifier:
keyid:24:13:EF:DC:9D:A6:09:28:08:FB:34:76:E0:56:AA:EF:42:02:99:2F
/etc/pki/tls/certs/f04ea969.0:
X509v3 Subject Key Identifier:
24:13:EF:DC:9D:A6:09:28:08:FB:34:76:E0:56:AA:EF:42:02:99:2F
X509v3 Authority Key Identifier:
24:13:EF:DC:9D:A6:09:28:08:FB:34:76:E0:56:AA:EF:42:02:99:2F
为什么我会收到填充错误?关于我可以在哪里寻找不匹配的任何想法?