{"id":44804,"date":"2023-11-13T17:37:48","date_gmt":"2023-05-14T08:26:37","guid":{"rendered":"https:\/\/www.silicloud.com\/zh\/blog\/44804-2\/"},"modified":"2024-05-04T08:51:01","modified_gmt":"2024-05-04T00:51:01","slug":"44804-2","status":"publish","type":"post","link":"https:\/\/www.silicloud.com\/zh\/blog\/44804-2\/","title":{"rendered":""},"content":{"rendered":"<h1>1. Who this article is for<\/h1>\n<ul class=\"post-ul\">\n<li>People who want to create a certificate signing request (CSR) with attributes* in Golang<\/li>\n<\/ul>\n<p>* The attributes added here are those intended for X.509 certificate extensions.<br \/>\n* Below, a certificate signing request is referred to as a CSR.<\/p>\n<h1>2. Overview<\/h1>\n<p>This article covers the following.<\/p>\n<p>1. Generate a CSR with SubjectAltName and KeyUsage attributes in Golang<br \/>\n2. Create a CSR with SubjectAltName and KeyUsage attributes with OpenSSL<br \/>\n3. Compare the contents of the two CSRs<br \/>\n4. 
Bonus: the ASN.1 data structure of CSR attributes (for readers who want the details)<\/p>\n<h1>3. Generating a CSR with SubjectAltName and KeyUsage attributes in Golang<\/h1>\n<p>In Golang, a CSR is created with the CreateCertificateRequest function.<\/p>\n<p>To add attributes, set the values in the template.<\/p>\n<p>For the SubjectAltName attribute, set values in the following template fields:<\/p>\n<ul class=\"post-ul\">\n<li>DNSNames<\/li>\n<li>EmailAddresses<\/li>\n<li>IPAddresses<\/li>\n<li>URIs<\/li>\n<\/ul>\n<pre class=\"post-pre\"><code><span class=\"n\">DNSNames<\/span><span class=\"o\">:<\/span>        <span class=\"p\">[]<\/span><span class=\"kt\">string<\/span><span class=\"p\">{<\/span><span class=\"s\">\"www.example.com\"<\/span><span class=\"p\">,<\/span> <span class=\"s\">\"www.example.co.jp\"<\/span><span class=\"p\">},<\/span>\r\n<\/code><\/pre>\n<p>The KeyUsage attribute cannot be set directly on the template.<br \/>\nInstead, build a pkix.Extension for KeyUsage and pass it as one of the entries in ExtraExtensions.<br \/>\nThe marshalKeyUsage function was ported from the x509 
package; see the code for details.<\/p>\n<pre class=\"post-pre\"><code>    <span class=\"k\">var<\/span> <span class=\"n\">ku<\/span> <span class=\"n\">x509<\/span><span class=\"o\">.<\/span><span class=\"n\">KeyUsage<\/span>\r\n    <span class=\"c\">\/\/ Same bits as the CSR dumps in section 5; KeyUsageContentCommitment is Go's name for nonRepudiation<\/span>\r\n    <span class=\"n\">ku<\/span> <span class=\"o\">=<\/span> <span class=\"n\">x509<\/span><span class=\"o\">.<\/span><span class=\"n\">KeyUsageDigitalSignature<\/span> <span class=\"o\">|<\/span> <span class=\"n\">x509<\/span><span class=\"o\">.<\/span><span class=\"n\">KeyUsageContentCommitment<\/span> <span class=\"o\">|<\/span> <span class=\"n\">x509<\/span><span class=\"o\">.<\/span><span class=\"n\">KeyUsageKeyEncipherment<\/span>\r\n    <span class=\"n\">kex<\/span><span class=\"p\">,<\/span> <span class=\"n\">err<\/span> <span class=\"o\">:=<\/span> <span class=\"n\">marshalKeyUsage<\/span><span class=\"p\">(<\/span><span class=\"n\">ku<\/span><span class=\"p\">)<\/span>\r\n<\/code><\/pre>\n<p>The template with the SubjectAltName and KeyUsage attributes looks like this.<\/p>\n<pre class=\"post-pre\"><code>    <span class=\"n\">template<\/span> <span class=\"o\">:=<\/span> <span class=\"o\">&amp;<\/span><span class=\"n\">x509<\/span><span class=\"o\">.<\/span><span class=\"n\">CertificateRequest<\/span><span class=\"p\">{<\/span>\r\n        <span class=\"n\">PublicKeyAlgorithm<\/span><span class=\"o\">:<\/span> <span class=\"n\">x509<\/span><span class=\"o\">.<\/span><span class=\"n\">RSA<\/span><span class=\"p\">,<\/span>\r\n        <span class=\"n\">PublicKey<\/span><span class=\"o\">:<\/span>          <span class=\"n\">publicKey<\/span><span class=\"p\">,<\/span>\r\n        <span class=\"n\">SignatureAlgorithm<\/span><span class=\"o\">:<\/span> <span class=\"n\">x509<\/span><span class=\"o\">.<\/span><span class=\"n\">SHA256WithRSA<\/span><span 
class=\"p\">,<\/span>\r\n\r\n        <span class=\"n\">Subject<\/span><span class=\"o\">:<\/span> <span class=\"n\">pkix<\/span><span class=\"o\">.<\/span><span class=\"n\">Name<\/span><span class=\"p\">{<\/span>\r\n            <span class=\"n\">CommonName<\/span><span class=\"o\">:<\/span>         <span class=\"s\">\"www.example.org\"<\/span><span class=\"p\">,<\/span>\r\n            <span class=\"n\">OrganizationalUnit<\/span><span class=\"o\">:<\/span> <span class=\"p\">[]<\/span><span class=\"kt\">string<\/span><span class=\"p\">{<\/span><span class=\"s\">\"Example Org Unit\"<\/span><span class=\"p\">},<\/span>\r\n            <span class=\"n\">Organization<\/span><span class=\"o\">:<\/span>       <span class=\"p\">[]<\/span><span class=\"kt\">string<\/span><span class=\"p\">{<\/span><span class=\"s\">\"Example Org\"<\/span><span class=\"p\">},<\/span>\r\n            <span class=\"n\">Country<\/span><span class=\"o\">:<\/span>            <span class=\"p\">[]<\/span><span class=\"kt\">string<\/span><span class=\"p\">{<\/span><span class=\"s\">\"JP\"<\/span><span class=\"p\">},<\/span>\r\n        <span class=\"p\">},<\/span>\r\n\r\n        <span class=\"n\">DNSNames<\/span><span class=\"o\">:<\/span>        <span class=\"p\">[]<\/span><span class=\"kt\">string<\/span><span class=\"p\">{<\/span><span class=\"s\">\"www.example.com\"<\/span><span class=\"p\">,<\/span> <span class=\"s\">\"www.example.co.jp\"<\/span><span class=\"p\">},<\/span>\r\n        <span class=\"n\">ExtraExtensions<\/span><span class=\"o\">:<\/span> <span class=\"p\">[]<\/span><span class=\"n\">pkix<\/span><span class=\"o\">.<\/span><span class=\"n\">Extension<\/span><span class=\"p\">{<\/span><span class=\"n\">kex<\/span><span class=\"p\">},<\/span>\r\n    <span class=\"p\">}<\/span>\r\n<\/code><\/pre>\n<p>Create the CSR.<\/p>\n<pre class=\"post-pre\"><code>    <span class=\"c\">\/\/PKCS#10 Certification Request [RFC2986]<\/span>\r\n    <span 
class=\"n\">csr<\/span><span class=\"p\">,<\/span> <span class=\"n\">err<\/span> <span class=\"o\">:=<\/span> <span class=\"n\">x509<\/span><span class=\"o\">.<\/span><span class=\"n\">CreateCertificateRequest<\/span><span class=\"p\">(<\/span><span class=\"n\">rand<\/span><span class=\"o\">.<\/span><span class=\"n\">Reader<\/span><span class=\"p\">,<\/span> <span class=\"n\">template<\/span><span class=\"p\">,<\/span> <span class=\"n\">privateKey<\/span><span class=\"p\">)<\/span>\r\n<\/code><\/pre>\n<h1>4. Creating a CSR with SubjectAltName and KeyUsage attributes with OpenSSL<\/h1>\n<p>There are several ways to create a CSR with attributes using OpenSSL.<br \/>\nHere we write a cnf file that sets the SubjectAltName and KeyUsage values, then pass that file as an argument to the OpenSSL command to create the CSR.<\/p>\n<p>The cnf file is named ext.cnf here.<\/p>\n<pre class=\"post-pre\"><code><span class=\"o\">[<\/span> req <span class=\"o\">]<\/span>\r\nreq_extensions <span class=\"o\">=<\/span> req_ext\r\ndistinguished_name <span class=\"o\">=<\/span> req_distinguished_name\r\nprompt <span class=\"o\">=<\/span> no\r\n\r\n<span class=\"o\">[<\/span> req_distinguished_name <span class=\"o\">]<\/span>\r\ncountryName <span class=\"o\">=<\/span> JP\r\norganizationName <span class=\"o\">=<\/span> Example Org\r\norganizationalUnitName <span class=\"o\">=<\/span> Example Org Unit \r\ncommonName <span class=\"o\">=<\/span> www.example.org \r\n\r\n<span class=\"o\">[<\/span> req_ext <span class=\"o\">]<\/span>\r\nsubjectAltName <span class=\"o\">=<\/span> 
@alt_names\r\nkeyUsage <span class=\"o\">=<\/span> nonRepudiation, digitalSignature, keyEncipherment\r\n\r\n<span class=\"o\">[<\/span>alt_names]\r\nDNS.1 <span class=\"o\">=<\/span> www.example.com\r\nDNS.2 <span class=\"o\">=<\/span> www.example.co.jp\r\n\r\n<\/code><\/pre>\n<p>Run the OpenSSL command to create the CSR.<\/p>\n<pre class=\"post-pre\"><code><span class=\"nv\">$ <\/span>openssl req <span class=\"nt\">-new<\/span> <span class=\"nt\">-config<\/span> ext.cnf <span class=\"nt\">-newkey<\/span> rsa:2048 <span class=\"nt\">-nodes<\/span> <span class=\"nt\">-keyout<\/span> ext.key <span class=\"nt\">-out<\/span> opensslext.csr\r\n<\/code><\/pre>\n<h1>5. Comparing the contents of the two CSRs<\/h1>\n<p>First, display the contents of the CSR created with OpenSSL.<\/p>\n<pre class=\"post-pre\"><code><span class=\"nv\">$ <\/span>openssl req <span class=\"nt\">-text<\/span> <span class=\"nt\">-noout<\/span> <span class=\"nt\">-in<\/span> opensslext.csr\r\nCertificate Request:\r\n    Data:\r\n        Version: 1 <span class=\"o\">(<\/span>0x0<span class=\"o\">)<\/span>\r\n        Subject: C <span class=\"o\">=<\/span> JP, O <span class=\"o\">=<\/span> Example Org, OU <span class=\"o\">=<\/span> Example Org Unit, CN <span class=\"o\">=<\/span> www.example.org\r\n        Subject Public Key Info:\r\n            Public Key Algorithm: rsaEncryption\r\n                RSA Public-Key: <span class=\"o\">(<\/span>2048 bit<span class=\"o\">)<\/span>\r\n                Modulus:\r\n                   (omitted)\r\n                Exponent: 65537 <span class=\"o\">(<\/span>0x10001<span class=\"o\">)<\/span>\r\n        Attributes:\r\n        Requested Extensions:\r\n            X509v3 Subject Alternative Name: \r\n                DNS:www.example.com, DNS:www.example.co.jp\r\n            X509v3 Key Usage: \r\n                Digital Signature, Non Repudiation, Key Encipherment\r\n    Signature Algorithm: sha256WithRSAEncryption\r\n         (omitted)\r\n<\/code><\/pre>\n<p>Next, display the contents of the CSR created with Golang.<\/p>\n<pre class=\"post-pre\"><code><span class=\"nv\">$ <\/span>openssl req <span class=\"nt\">-text<\/span> <span class=\"nt\">-noout<\/span> <span class=\"nt\">-in<\/span> goExtPem.csr\r\nCertificate Request:\r\n    Data:\r\n        Version: 1 <span class=\"o\">(<\/span>0x0<span class=\"o\">)<\/span>\r\n        Subject: C <span class=\"o\">=<\/span> JP, O <span class=\"o\">=<\/span> Example Org, OU <span class=\"o\">=<\/span> Example Org Unit, CN <span class=\"o\">=<\/span> www.example.org\r\n        Subject Public Key Info:\r\n            Public Key Algorithm: rsaEncryption\r\n                RSA Public-Key: <span class=\"o\">(<\/span>2048 bit<span class=\"o\">)<\/span>\r\n                Modulus:\r\n                   (omitted)\r\n                Exponent: 65537 <span class=\"o\">(<\/span>0x10001<span class=\"o\">)<\/span>\r\n        Attributes:\r\n        Requested Extensions:\r\n            X509v3 Subject Alternative Name: \r\n                DNS:www.example.com, DNS:www.example.co.jp\r\n            X509v3 Key Usage: \r\n               Digital Signature, Non Repudiation, Key Encipherment\r\n    Signature Algorithm: sha256WithRSAEncryption\r\n         (omitted)\r\n\r\n<\/code><\/pre>\n<p>They match. The CSR with attributes appears to have been created correctly in Golang.<\/p>\n<h1>6. Bonus: the ASN.1 data structure of CSR attributes<\/h1>\n<p>The rest of this article is for readers who want to know the ASN.1 data structure of CSR attributes in detail. Read on if you are interested.<\/p>\n<p>RFC2986 defines a CSR as follows.<\/p>\n<pre class=\"post-pre\"><code>   [PKCS#10] https:\/\/datatracker.ietf.org\/doc\/html\/rfc2986#section-4\r\n\r\n   CertificationRequestInfo ::= SEQUENCE {\r\n        version       INTEGER { v1(0) } (v1,...),\r\n        subject       Name,\r\n        subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},\r\n        attributes    [0] Attributes{{ CRIAttributes }}\r\n   }\r\n\r\n   SubjectPublicKeyInfo { ALGORITHM : IOSet} ::= SEQUENCE {\r\n        algorithm        AlgorithmIdentifier {{IOSet}},\r\n        subjectPublicKey BIT STRING\r\n   }\r\n\r\n   PKInfoAlgorithms ALGORITHM ::= {\r\n        ...  -- add any locally defined algorithms here -- }\r\n\r\n   Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}\r\n\r\n   CRIAttributes  ATTRIBUTE  ::= {\r\n        ... 
-- add any locally defined attributes here -- }\r\n\r\n   Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {\r\n        type   ATTRIBUTE.&amp;id({IOSet}),\r\n        values SET SIZE(1..MAX) OF ATTRIBUTE.&amp;Type({IOSet}{@type})\r\n   }\r\n<\/code><\/pre>\n<p>Looking only at the attributes, they are declared as follows.<\/p>\n<pre class=\"post-pre\"><code>attributes    [0] Attributes{{ CRIAttributes }}\r\n<\/code><\/pre>\n<p>That is, the Type is Context-specific[0] and the Value is Attributes{{ CRIAttributes }}.<br \/>\nAttributes{{ CRIAttributes }} means that the parameter of Attributes{} is CRIAttributes.<br \/>\nCRIAttributes is an Information Object Set of the ATTRIBUTE class.<br \/>\nCRIAttributes itself is defined as follows.<\/p>\n<pre class=\"post-pre\"><code>   CRIAttributes  ATTRIBUTE  ::= {\r\n        ... 
-- add any locally defined attributes here -- }\r\n<\/code><\/pre>\n<p>Given that wording, its contents appear to be arbitrary.<\/p>\n<p>Next, the definition of Attributes is as follows.<\/p>\n<pre class=\"post-pre\"><code>   Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}\r\n<\/code><\/pre>\n<p>Attributes is defined as SET OF Attribute{{ IOSet }}.<br \/>\nHere, IOSet = CRIAttributes.<\/p>\n<p>Next, Attribute, the Value of the SET OF, is defined as follows.<\/p>\n<pre class=\"post-pre\"><code>   Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {\r\n        type   ATTRIBUTE.&amp;id({IOSet}),\r\n        values SET SIZE(1..MAX) OF ATTRIBUTE.&amp;Type({IOSet}{@type})\r\n   }\r\n<\/code><\/pre>\n<p>This means:<br \/>\nThe SEQUENCE has type and values.<br \/>\ntype holds [ the &amp;id of the ATTRIBUTE class ].<br \/>\n(However, &amp;id is constrained to the range of &amp;id values of the set of Information Objects defined by CRIAttributes.)<br \/>\nvalues holds SET SIZE(1..MAX) OF [ the &amp;Type of the ATTRIBUTE class ].<br \/>\n(However, the value of &amp;Type is constrained to the &amp;Type of the Information Object that corresponds to the value given in type (= &amp;id).)<\/p>\n<p>* For details on the syntax of information object classes and constraints, see the following.<br \/>\nRFC6025<br \/>\nThe ASN.1 guide by OSS Nokalva, Inc.<\/p>\n<p>The description of attributes in RFC2986 reads as follows.<\/p>\n<pre class=\"post-pre\"><code>        attributes is a collection of attributes providing additional\r\n          information about the subject of the certificate.  Some\r\n          attribute types that might be useful here are defined in PKCS\r\n          #9.  An example is the challenge-password attribute, which\r\n          specifies a password by which the entity may request\r\n          certificate revocation.  Another example is information to\r\n          appear in X.509 certificate extensions (e.g. the\r\n          extensionRequest attribute from PKCS #9).\r\n<\/code><\/pre>\n<p>Here we want to put additional information for X.509 certificate extensions into the attributes, so we refer to Extension request in RFC2985 (PKCS#9).<br \/>\nExtension request is defined as follows.<\/p>\n<pre class=\"post-pre\"><code>  5.4.2 Extension request\r\n\r\n   The extensionRequest attribute type may be used to carry information\r\n   about certificate extensions the requester wishes to be included in a\r\n   certificate.\r\n\r\n   extensionRequest ATTRIBUTE ::= {\r\n           WITH SYNTAX ExtensionRequest\r\n           SINGLE VALUE TRUE\r\n           ID pkcs-9-at-extensionRequest\r\n   }\r\n\r\n   ExtensionRequest ::= Extensions\r\n\r\n   The Extensions type is imported from [10].\r\n\r\n[10] ISO\/IEC 9594-8:1997: Information technology - Open Systems\r\nInterconnection - The Directory: Authentication framework. 
1997.\r\n<\/code><\/pre>\n<p>That is the definition, so the Information Object used in CRIAttributes this time is extensionRequest.<br \/>\n* As an aside, following RFC2985 section 5.4, CRIAttributes as an Information Object Set should be definable like this&#8230;<br \/>\nCRIAttributes ATTRIBUTE ::= { challengePassword | extensionRequest | extendedCertificateAttributes , &#8230; }<\/p>\n<p>The definition of Extensions says to refer to ISO\/IEC 9594-8:1997.<br \/>\nIn ISO\/IEC 9594-8:1997, Extensions is defined as follows.<\/p>\n<pre class=\"post-pre\"><code>Extensions ::= SEQUENCE OF Extension\r\nExtension ::= SEQUENCE {\r\nextnId EXTENSION.&amp;id ({ExtensionSet}),\r\ncritical BOOLEAN DEFAULT FALSE,\r\nextnValue OCTET STRING\r\n-- contains a DER encoding of a value of type &amp;ExtnType\r\n-- for the extension object identified by extnId -- }\r\n<\/code><\/pre>\n<p>From the above, when attributes for X.509 certificate extensions are attached to a CSR, the ASN.1 data structure of the attributes should look like the following schematic.<\/p>\n<pre class=\"post-pre\"><code>Context-Specific[0]\r\n    SET OF\r\n        SEQUENCE\r\n            ObjectIdentifier(Extension Request : 1.2.840.113549.1.9.14)\r\n            SET OF\r\n                SEQUENCE\r\n                    SEQUENCE\r\n                        ObjectIdentifier(X509v3 Subject Alternative Name : 2.5.29.17)\r\n                        BOOLEAN(omitted when FALSE)\r\n                        OCTET STRING\r\n                    SEQUENCE\r\n                        ObjectIdentifier(X509v3 Key Usage : 2.5.29.15)\r\n                        BOOLEAN(omitted when FALSE)\r\n                        OCTET STRING\r\n<\/code><\/pre>\n<p>To check, I ran OpenSSL asn1parse on the CSR with attributes.<\/p>\n<pre class=\"post-pre\"><code><span class=\"nv\">$ <\/span>openssl asn1parse <span class=\"nt\">-in<\/span> goExtPem.csr\r\n(snip)    \r\n  395:d<span class=\"o\">=<\/span>2  <span class=\"nv\">hl<\/span><span class=\"o\">=<\/span>2 <span class=\"nv\">l<\/span><span class=\"o\">=<\/span>  77 cons: cont <span class=\"o\">[<\/span> 0 <span class=\"o\">]<\/span>        \r\n  397:d<span class=\"o\">=<\/span>3  <span class=\"nv\">hl<\/span><span class=\"o\">=<\/span>2 <span class=\"nv\">l<\/span><span class=\"o\">=<\/span>  75 cons: SEQUENCE          \r\n  399:d<span class=\"o\">=<\/span>4  <span class=\"nv\">hl<\/span><span class=\"o\">=<\/span>2 <span class=\"nv\">l<\/span><span class=\"o\">=<\/span>   9 prim: OBJECT            :Extension Request\r\n  410:d<span class=\"o\">=<\/span>4  <span class=\"nv\">hl<\/span><span class=\"o\">=<\/span>2 <span class=\"nv\">l<\/span><span class=\"o\">=<\/span>  62 cons: SET               \r\n  412:d<span class=\"o\">=<\/span>5  <span class=\"nv\">hl<\/span><span class=\"o\">=<\/span>2 <span class=\"nv\">l<\/span><span class=\"o\">=<\/span>  60 cons: SEQUENCE          \r\n  414:d<span class=\"o\">=<\/span>6  <span class=\"nv\">hl<\/span><span class=\"o\">=<\/span>2 <span class=\"nv\">l<\/span><span class=\"o\">=<\/span>  45 cons: SEQUENCE          \r\n  416:d<span class=\"o\">=<\/span>7  <span class=\"nv\">hl<\/span><span class=\"o\">=<\/span>2 <span class=\"nv\">l<\/span><span class=\"o\">=<\/span>   3 prim: OBJECT            
:X509v3 Subject Alternative Name\r\n  421:d<span class=\"o\">=<\/span>7  <span class=\"nv\">hl<\/span><span class=\"o\">=<\/span>2 <span class=\"nv\">l<\/span><span class=\"o\">=<\/span>  38 prim: OCTET STRING      <span class=\"o\">[<\/span>HEX DUMP]:3024820F7777772E6578616D706C652E636F6D82117777772E6578616D706C652E636F2E6A70\r\n  461:d<span class=\"o\">=<\/span>6  <span class=\"nv\">hl<\/span><span class=\"o\">=<\/span>2 <span class=\"nv\">l<\/span><span class=\"o\">=<\/span>  11 cons: SEQUENCE          \r\n  463:d<span class=\"o\">=<\/span>7  <span class=\"nv\">hl<\/span><span class=\"o\">=<\/span>2 <span class=\"nv\">l<\/span><span class=\"o\">=<\/span>   3 prim: OBJECT            :X509v3 Key Usage\r\n  468:d<span class=\"o\">=<\/span>7  <span class=\"nv\">hl<\/span><span class=\"o\">=<\/span>2 <span class=\"nv\">l<\/span><span class=\"o\">=<\/span>   4 prim: OCTET STRING      <span class=\"o\">[<\/span>HEX DUMP]:030205E0\r\n(rest omitted)\r\n<\/code><\/pre>\n<p>Drawing the result above as the same kind of ASN.1 schematic gives the following.<\/p>\n<pre class=\"post-pre\"><code>Context-Specific[0]\r\n    SEQUENCE\r\n        ObjectIdentifier(Extension Request : 1.2.840.113549.1.9.14)\r\n        SET OF\r\n            SEQUENCE\r\n                SEQUENCE\r\n                    ObjectIdentifier(X509v3 Subject Alternative Name : 2.5.29.17)\r\n                    BOOLEAN(omitted when FALSE)\r\n                    OCTET STRING\r\n                SEQUENCE\r\n                    ObjectIdentifier(X509v3 Key Usage : 2.5.29.15)\r\n                    BOOLEAN(omitted when FALSE)\r\n                    OCTET STRING\r\n<\/code><\/pre>\n<p>Hmm&#8230; the SET OF that should be the Value of Context-Specific[0] is missing&#8230;<br \/>\nThe SET OF that is the Value of Context-Specific[0] is IMPLICIT, 
so it is encoded with the Type and Length of the SET OF omitted. Checking RFC 2986 again, it is defined as IMPLICIT.<\/p>\n<h1>7. Code<\/h1>\n<p>The code is here.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>1. Who this article is for People who want to create a certificate signing request (CSR) with attributes* in Golang * The certificate's  [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-44804","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.5 (Yoast SEO v21.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>- Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/44804-2\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:description\" content=\"1. Who this article is for People who want to create a certificate signing request (CSR) with attributes* in Golang * The certificate's [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/44804-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta 
property=\"article:published_time\" content=\"2023-05-14T08:26:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-04T00:51:01+00:00\" \/>\n<meta name=\"author\" content=\"\u79d1, \u9896\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u79d1, \u9896\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/44804-2\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/44804-2\/\",\"name\":\"- Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2023-05-14T08:26:37+00:00\",\"dateModified\":\"2024-05-04T00:51:01+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/44804-2\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e\",\"name\":\"\u79d1, 
\u9896\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g\",\"caption\":\"\u79d1, \u9896\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/keying\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/44804-2\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"- Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/44804-2\/","og_locale":"zh_CN","og_type":"article","og_description":"1. Who this article is for People who want to create a certificate signing request (CSR) with attributes* in Golang * The certificate's [&hellip;]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/44804-2\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2023-05-14T08:26:37+00:00","article_modified_time":"2024-05-04T00:51:01+00:00","author":"\u79d1, \u9896","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u79d1, \u9896","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"5 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/44804-2\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/44804-2\/","name":"- Blog - Silicon 
Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2023-05-14T08:26:37+00:00","dateModified":"2024-05-04T00:51:01+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/44804-2\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e","name":"\u79d1, \u9896","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g","caption":"\u79d1, \u9896"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/keying\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/44804-2\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon 
Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/44804","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=44804"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/44804\/revisions"}],"predecessor-version":[{"id":97334,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/44804\/revisions\/97334"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=44804"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=44804"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=44804"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}