-
-
Save 7error/eaf4761d06f545605e8fe94126aae7e2 to your computer and use it in GitHub Desktop.
openssl output
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ req ] | |
default_bits = 2048 | |
default_md = sha512 | |
default_keyfile = vernemq.key | |
prompt = no | |
encrypt_key = no | |
distinguished_name = req_distinguished_name | |
[ req_distinguished_name ] | |
countryName = RU | |
stateOrProvinceName = Moscow | |
localityName = Moscow | |
organizationName = Ivi Knob | |
commonName = iviknob.com | |
[ req_ext ] | |
subjectAltName = @alt_names | |
[ alt_names ] | |
DNS.1 = localhost | |
DNS.2 = redde.ru | |
DNS.3 = iviknob.com | |
IP.1 = 127.0.0.1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
До шага 4 включительно все тоже самое, шаг 5: | |
$~: openssl x509 -req -in vernemq.csr -CA vernemq_ca.crt -CAkey vernemq_ca.key -CAcreateserial -extensions req_ext -extfile cert.cnf -out vernemq.crt -days 3650 | |
Две опции: | |
- extensions [имя секции в конфиге, которое определяет, откуда брать Subject Alt Name, в частности] | |
- extfile [собственно, файл конфига] | |
Изменить конфиг vernemq.conf: | |
allow_anonymous = on | |
далее вывод по минимуму: | |
$~: openssl x509 -text -noout -in vernemq.crt -certopt no_subject,no_header,no_version,no_serial,no_signame,no_validity,no_issuer,no_pubkey,no_sigdump,no_aux | |
X509v3 extensions: | |
X509v3 Subject Alternative Name: | |
DNS:localhost, DNS:redde.ru, DNS:iviknob.com, IP Address:127.0.0.1 | |
Check with mosquitto: | |
$~: mosquitto_pub -h localhost -p 8883 -t test/test -m "test" -d --cafile ~/dev/knob/cert/vernemq_ca.crt | |
$~: mosquitto_sub -h localhost -p 8883 --cafile ./vernemq_ca.crt -t "test/test" --cert ./vernemq.crt --key ./vernemq.key -d |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment