[英]How do I create an ECDSA certificate with the OpenSSL command-line
I'm building a server app in C++ that needs to accept a certificate containing an ECDSA public key. 我正在构建一个C ++服务器应用程序,需要接受包含ECDSA公钥的证书。 It must validate the certificate and, upon verification, use the public key contained in the certificate to authenticate a message sent along with the certificate.
它必须验证证书,并在验证时使用证书中包含的公钥来验证与证书一起发送的消息。
I have all this working using ECDSA keypairs generated on the fly - ie my code is working nicely - but now I need to do the certificate piece. 我使用ECDSA密钥对即时工作 - 即我的代码运行良好 - 但现在我需要做证书片。
And I figured I could use OpenSSL's command-line to create the certificate which is installed on the client (along with the ECDSA private key in a separate file). 我想我可以使用OpenSSL的命令行来创建安装在客户端上的证书(以及单独文件中的ECDSA私钥)。
Can anyone help? 有人可以帮忙吗?
If you haven't chosen a curve, you can list them with this command: 如果您没有选择曲线,可以使用以下命令列出它们:
openssl ecparam -list_curves
I picked secp256r1
for this example. 我为这个例子选了
secp256r1
。 Use this to generate an EC private key if you don't have one already: 如果您还没有EC私钥,请使用此私钥生成:
openssl ecparam -out ec_key.pem -name secp256r1 -genkey
And then generate the certificate. 然后生成证书。 Your certificate will be in
cert.pem
. 您的证书将在
cert.pem
。
openssl req -new -key ec_key.pem -x509 -nodes -days 365 -out cert.pem
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.