Last active
October 7, 2019 13:00
openssl output
[ req ]
default_bits = 2048
default_md = sha512
default_keyfile = vernemq.key
prompt = no
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
countryName = RU
stateOrProvinceName = Moscow
localityName = Moscow
organizationName = Ivi Knob
commonName = iviknob.com
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = localhost
DNS.2 = redde.ru
DNS.3 = iviknob.com
IP.1 = 127.0.0.1

Up to and including step 4 everything is the same; step 5:
$~: openssl x509 -req -in vernemq.csr -CA vernemq_ca.crt -CAkey vernemq_ca.key -CAcreateserial -extensions req_ext -extfile cert.cnf -out vernemq.crt -days 3650
Two options:
- extensions [the name of the config section that determines, in particular, where the Subject Alt Name is taken from]
- extfile [the config file itself]
Edit the vernemq.conf config:
allow_anonymous = on
Then the output, kept to a minimum:
$~: openssl x509 -text -noout -in vernemq.crt -certopt no_subject,no_header,no_version,no_serial,no_signame,no_validity,no_issuer,no_pubkey,no_sigdump,no_aux
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:localhost, DNS:redde.ru, DNS:iviknob.com, IP Address:127.0.0.1
Check with mosquitto:
$~: mosquitto_pub -h localhost -p 8883 -t test/test -m "test" -d --cafile ~/dev/knob/cert/vernemq_ca.crt
$~: mosquitto_sub -h localhost -p 8883 --cafile ./vernemq_ca.crt -t "test/test" --cert ./vernemq.crt --key ./vernemq.key -d
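
The effect of the two options in step 5, as an added example that is not part of the gist: the same CSR is signed by a throwaway CA once without and once with `-extensions req_ext -extfile cert.cnf`, and the SAN of each resulting certificate is printed. The CA subject, the one-day validity and the trimmed cert.cnf are assumptions made for the demo; file names follow the notes above.

```shell
#!/bin/sh
# Added example: throwaway CA and keys in a temp dir. File names follow the gist;
# the CA subject and the trimmed cert.cnf are constructed for this demo.

make_fixture() {   # $1 = work dir; creates cert.cnf, test CA, server key and CSR
    ( cd "$1" || exit 1
      cat > cert.cnf <<'EOF'
[ req ]
prompt = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
commonName = iviknob.com
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = localhost
DNS.2 = redde.ru
DNS.3 = iviknob.com
IP.1 = 127.0.0.1
EOF
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
          -keyout vernemq_ca.key -out vernemq_ca.crt 2>/dev/null &&
      openssl req -new -newkey rsa:2048 -nodes -config cert.cnf \
          -keyout vernemq.key -out vernemq.csr 2>/dev/null )
}

sign_csr() {       # $1 = work dir, $2 = output file, rest = extra "openssl x509" options
    dir=$1; out=$2; shift 2
    ( cd "$dir" && openssl x509 -req -in vernemq.csr -CA vernemq_ca.crt \
          -CAkey vernemq_ca.key -CAcreateserial -out "$out" -days 1 "$@" 2>/dev/null )
}

san_of() {         # prints the certificate's SAN line, or nothing when it has none
    openssl x509 -noout -text -in "$1" 2>/dev/null |
        sed -n '/Subject Alternative Name/{n;s/^ *//;s/ *$//;p;}'
}

run_demo() {
    work=$(mktemp -d) || return 1
    make_fixture "$work" || return 1
    sign_csr "$work" plain.crt                                          # options omitted
    sign_csr "$work" vernemq.crt -extensions req_ext -extfile cert.cnf  # step 5 as in the gist
    echo "without -extfile: [$(san_of "$work/plain.crt")]"
    echo "with -extfile:    [$(san_of "$work/vernemq.crt")]"
    rm -rf "$work"
}

run_demo
```

An empty SAN on the first certificate means a TLS client connecting to `localhost` or `127.0.0.1` has no name entry to match, which is why the check belongs right after signing rather than at the first failed `mosquitto_pub`.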