尝试读回时,OpenSSL 似乎已损坏subjectAltName/otherName/UTF8自行编写的值:
相关openssl.cnf配置(使用官方但随机的 OID):
[alt_names]
DNS.1 = www.foo.com
DNS.2 = www.bar.org
IP.1 = 192.168.1.1
IP.2 = 192.168.69.144
email = email@me
otherName = 1.3.6.1.4.1.1;UTF8:some other identifier
从此配置生成的 CSR 转储中获取的示例:
TLS Web Server Authentication
X509v3 Subject Alternative Name:
DNS:www.foo.com, DNS:www.bar.org, IP Address:192.168.1.1, IP Address:192.168.69.144, email:email@me, othername:<unsupported>
Signature Algorithm: sha1WithRSAEncryption
6f:4a:1d:8f:43:7e:4d:d1:0c:7e:05:9d:1f:f0:98:b1:69:cf:
有人能指出我是否做错了吗?这让我很抓狂。
答案1
仅供参考,您必须找到“OBJECT:X509v3 主题备用名称”行正下方的“OCTET STRING”行,然后strparse
:
# print section offset via
openssl asn1parse -in yourcert.pem
# parse otherName from "OCTET STRING"
openssl asn1parse -in yourcert.pem -strparse <offset>