What are the attributes of a bag and how can I generate them?

When converting some certificates from the keystore to OpenSSL / PEM, I first noticed that the "Bag" attributes were added to the certificates.

It looks like this:

Bag Attributes
    friendlyName: CN=PositiveSSL CA,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
subject=/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=PositiveSSL CA
issuer=/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware

Do they serve any function?

I noticed that I like them because they make my chaining files (certificate concatenation) more clear. Unfortunately, the CA certificates that I upload do not have them.

So how do I generate them?

+4
1 answer

, , -, ( ) openssl pkcs12 (import) PKCS # 12, Java , () Java9 2017 . PKCS # 12 () , , (). OpenSSL pkcs12 -export , "" , , API, , -, . , Java PKCS # 12 8, 8 9 : pkcs9.friendlyName 2.16.840.1.113894.746875.1.1, , -, Oracle trustedKeyUsage. , PKCS # 12.

PKCS # 12 ( ) "" , , privatekeys certs , " "; (-) (). OID OID. friendlyName , , .

subject= issuer= - , openssl pkcs12 (import) . , x509; , PEM- "blob" pkcs12, openssl x509 -in infile -subject -issuer -out outfile. , , PEM , , , ; , -

$ awk <chainfile -va="openssl x509 -subject \
  -issuer >cert_" '/^-----BEGIN/{b=a (++n);x=1}x{print|b}/^-----END/{close(b);x=0}'

$ cat cert_* >newchain    # if desired; or just don't redirect 
                          # in the above and use its aggregated stdout

, openssl s_client -showcerts - : cert , , "s:" "i:".

+12
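As an added example (not part of the original answer), the shell functions below read the text that precedes each PEM block in an annotated chain file, list it per certificate, strip it again, and compare issuer and subject text for ordering. The function names and the sample input are constructed for illustration; the header layout is the one shown in the question.

```shell
#!/bin/sh
# Added example, not from the original post. The text that openssl writes
# around a PEM block is outside the BEGIN/END armor: it is not covered by the
# certificate signature and is informational only.

# Constructed sample: header text from the question, placeholder bodies
# (not real certificates). Second entry is annotated with subject/issuer only.
sample_chain() {
cat <<'EOF'
Bag Attributes
    friendlyName: CN=PositiveSSL CA,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
subject=/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=PositiveSSL CA
issuer=/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVIx
-----END CERTIFICATE-----
subject=/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
issuer=/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVIy
-----END CERTIFICATE-----
EOF
}

# Keep only the PEM blocks; drop every line outside BEGIN/END.
strip_pem_text() {
    awk '/^-----BEGIN /{p=1} p{print} /^-----END /{p=0}'
}

# One tab-separated line per certificate: index, friendlyName (or "-"),
# subject, issuer, read from the text that precedes each BEGIN line.
list_pem_text() {
    awk '
        /^-----BEGIN / { printf "%d\t%s\t%s\t%s\n", ++n, (f == "" ? "-" : f), s, i
                         f = s = i = ""; inpem = 1; next }
        inpem          { if (/^-----END /) inpem = 0; next }
        /^[ \t]*friendlyName: / { sub(/^[ \t]*friendlyName: /, ""); f = $0 }
        /^subject=/    { s = substr($0, 9) }
        /^issuer=/     { i = substr($0, 8) }
    '
}

# Succeeds when each entry's issuer text equals the next entry's subject text
# (leaf-first order). Compares header text only; it verifies no signatures.
headers_in_chain_order() {
    list_pem_text | awk -F'\t' 'NR > 1 && prev != $3 { bad = 1 } { prev = $4 } END { exit bad + 0 }'
}

sample_chain | list_pem_text
```

Because anyone can edit these header lines without invalidating the certificates, treat the ordering check as a readability aid for chain files, not as validation.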
