
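I started learning Python and SSL and used Python's ssl library to create a socket application. At first, it only worked on Python 3.6, not on 3.7. After some googling, I found that matching an IP address against the CN field has been deprecated for 15 years. How do I create .crt and .key files that accept 127.0.0.1? If possible, how do I make them self-signed and also work for other computers?

I tried creating them using the following .conf: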

[req]
default_bits       = 4096
default_md         = sha512
default_keyfile    = server.key
prompt             = no
encrypt_key        = no
distinguished_name = req_distinguished_name
[req_distinguished_name]
C = BR
ST = RJ
L = VR
O = Kyuu
OU = Kaori
CN = 127.0.0.1
[v3_req]
keyUsage = keyEncipherment, dataEncipherment, digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = 127.0.0.1
DNS.2 = localhost

Note: it works when I use OpenSSL's s_client.


1 Answer


After a lot of googling I found the solution, using a conf file.

File:

#
#Creating a self-signed certificate
#
####################################################################
[CA_default]
copy_extensions = copy

[req]
default_bits = 4096
prompt = no
default_md = sha256
days                   = 3650
serial                 = 1
distinguished_name     = req_distinguished_name
x509_extensions        = v3_ca


[req_distinguished_name]
C = 
ST = 
L = 
O = 
OU = 
CN = 

[ v3_ca ]
# The extensions to add to a self-signed cert
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints       = CA:TRUE
keyUsage               = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign
subjectAltName         = @alternate_names
issuerAltName          = issuer:copy

[alternate_names]
DNS.0 = localhost

Command:

openssl req -config [PATH HERE] -x509 -newkey rsa:2048 -keyout key.key -nodes -out cert.crt

The path looks like C:\path\to\file

Answered 2019-01-22T23:21:38.770
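An added example, not part of the original question or answer: a simplified model of subjectAltName matching that shows why a `DNS` entry holding `127.0.0.1` does not cover a connection to that IP address, while an `IP` entry does. The certificate dicts are constructed in the shape returned by `SSLSocket.getpeercert()`; `san_covers` and `report` are hypothetical helper names, and this is not Python's or OpenSSL's own implementation.

```python
import ipaddress

def san_covers(cert, target):
    """Return True if `target` is covered by the cert's subjectAltName.

    `cert` is a dict shaped like ssl.SSLSocket.getpeercert() output.
    IP targets are compared only with 'IP Address' entries and host names
    only with 'DNS' entries; the subject CN is not consulted.
    """
    sans = cert.get("subjectAltName", ())
    try:
        want_ip = ipaddress.ip_address(target)
    except ValueError:
        want_ip = None  # not an IP literal, treat as a host name
    if want_ip is not None:
        for kind, value in sans:
            if kind == "IP Address" and ipaddress.ip_address(value) == want_ip:
                return True
        return False
    host = target.rstrip(".").lower()
    for kind, value in sans:
        if kind != "DNS":
            continue
        pattern = value.rstrip(".").lower()
        if pattern == host:
            return True
        # Wildcard in the left-most label only, e.g. *.example.test
        if (pattern.startswith("*.") and "." in host
                and host.split(".", 1)[1] == pattern[2:]):
            return True
    return False

# Constructed: the SANs the question's [alt_names] section describes
# (DNS.1 = 127.0.0.1, DNS.2 = localhost).
QUESTION_CERT = {"subjectAltName": (("DNS", "127.0.0.1"), ("DNS", "localhost"))}
# Constructed: the same section with the address entry written as
# IP.1 = 127.0.0.1, which getpeercert() reports as 'IP Address'.
FIXED_CERT = {"subjectAltName": (("IP Address", "127.0.0.1"), ("DNS", "localhost"))}

def report(cert, targets=("127.0.0.1", "localhost", "::1")):
    """Map each connection target to whether the cert's SANs cover it."""
    return {t: san_covers(cert, t) for t in targets}

if __name__ == "__main__":
    print("question config:", report(QUESTION_CERT))
    print("with IP.1 entry:", report(FIXED_CERT))
```

To let other computers connect, the certificate needs an `IP.n` or `DNS.n` entry for each address or name those clients will actually dial, and the clients must trust the self-signed certificate.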