the section of the configuration file containing CRL extensions to
include. If no CRL extension section is present then a V1 CRL is created,
if the CRL extension section is present (even if it is empty) then a V2
CRL is created. The CRL extensions specified are CRL extensions and not
CRL entry extensions. It should be noted that some software (for example
Netscape) can't handle V2 CRLs.
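As you have just seen, many of the options relate to the config file, so let's explain it. After make install, OpenSSL generates a config file consisting entirely of default values: openssl.cnf. It is also very long, and pasting it here would look like padding the post, which xgh won't stoop to. Here is a brief explanation of the CA-related keys in it. The CA-related keys are all in the ca section.

[ ca ]
default_ca = CA_default

[ CA_default ]
dir = ./demoCA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept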
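An added example (not from the original post and not OpenSSL's own code): a simplified Python reader that follows the [ ca ] default_ca indirection, expands $dir, and applies the quoted manual rule to report whether the config would produce a V1 or V2 CRL. The crl_extensions line, the crl_ext section name and all function names are assumptions made for illustration; only same-section variable expansion is handled.

```python
import re

# Constructed sample: the page's fragment plus a crl_extensions key and an
# empty [ crl_ext ] section (both assumptions, not shown on the page).
SAMPLE = """\
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./demoCA            # Where everything is kept
certs = $dir/certs        # Where the issued certs are kept
crl_extensions = crl_ext
[ crl_ext ]
"""

def parse_cnf(text):
    """Parse '[ name ]' headers and 'key = value' lines into {section: {key: value}}."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # simplification: no quoted '#'
        if not line:
            continue
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})  # an empty section still exists
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip()] = value.strip()
    return sections

def ca_settings(conf):
    """Follow [ ca ] default_ca and expand $name / ${name} within that section."""
    resolved = {}
    for key, value in conf[conf["ca"]["default_ca"]].items():
        resolved[key] = re.sub(r"\$\{?(\w+)\}?",
                               lambda m: resolved.get(m.group(1), m.group(0)), value)
    return resolved

def crl_version(text):
    """Quoted rule: CRL extension section present (even if empty) -> V2, else V1."""
    conf = parse_cnf(text)
    section = ca_settings(conf).get("crl_extensions")
    if section is None:
        return 1
    if section not in conf:
        raise ValueError(f"crl_extensions names missing section [{section}]")
    return 2

if __name__ == "__main__":
    conf = parse_cnf(SAMPLE)
    print(ca_settings(conf)["certs"], "-> CRL V%d" % crl_version(SAMPLE))
```

Running this kind of check over a CA's config before issuing CRLs shows up front whether relying software that cannot handle V2 CRLs will be affected.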