以下做出的证书都是:SignatureAlgorithm:sm2sign-with-sm3
创建demoCA目录,在demoCA目录下执行:
mkdircertscrlnewcertsprivate
touchindex.txt
echo"01">serial
将通过以下自签名生成的cacert.pem放到demoCA目录下,cakey.pem放到demoCA/private
创建公私钥和证书请求:
gmsslecparam-genkey-namesm2p256v1-outcakey.pem
gmsslreq-new-sm3-keycakey.pem-outcacsr.pem
自签名
gmsslreq-x509-sm3-days3650-keycakey.pem-incacsr.pem-outcacert.pem
ca签名(在demoCA的父目录下执行)
gmsslca-mdsm3-inclient_csr.pem-outclient_cert.pem-days3650
显示证书信息:
gmsslx509-text-noout-incacert.pem
gmsslreq-incacsr.pem-noout-text
证书通信测试命令
SERVER:
gmssls_server-keyserver_key.pem-certserver_cert.pem-CAfilecacert.pem-cipherECDHE-SM4-SM3-verify1
CLIENT:
gmssls_client-keyclient_key.pem-certclient_cert.pem-CAfilecacert.pem-cipherECDHE-SM4-SM3-verify1
THE END