问题
I need to generate a proof of possession, signing a verification code with my private key.
I did not find a question related to this, here in Stack Overflow, and I am not finding some reference on Internet. I am following this tutorial, but I want to use OpenSSL.
My verification code is related to a X509 certificate, like this:
7A69A4702DA903A41C3A5BC5575A8E3F49BEC5E5BA2D4CE1
回答1:
I got the answer with the Azure support team.
I already had my root key and X509 cert, generated with the following command:
openssl req -x509 -newkey rsa:2048 -keyout root_private.pem -nodes -out root_cert.pem
Then, I needed to generate the verification cert...
Create verification key:
openssl genrsa -out verification.key 2048Create the verification cert:
openssl req -new -key verification.key -out verification.csr
When creating the verification cert, I need to specify the verification code obtained (7A69A4702DA903A41C3A5BC5575A8E3F49BEC5E5BA2D4CE1) as the "Common Name" certificate field.
Now, just create the proof of possession certificate with the following command:
openssl x509 -req -in verification.csr -CA root_cert.pem -CAkey root_private.pem -CAcreateserial -out verificationCert.pem -days 1024 -sha256
If I am not wrong, this last command signs the verification.csr, that has the verification code as the Common Name, with the root private key. At the end, the verificationCert.pem can be used as the proof of possession.
来源:https://stackoverflow.com/questions/50337042/openssl-how-to-generate-a-proof-of-possesion-for-a-x509-certificate