对于我的学校项目,我必须构建一个 CA 并运行各种场景,其中之一是分发证书吊销列表。问题是 EasyRsa 没有明显的调整功能来为附加到签名证书的分发点指定 URI。 请有任何想法,因为 gitHub 上 EasyRsa 的官方存储库都没有提供解决方案,OpenSSL 也不是更好的选择(我无法重新开始:-))?
将您的 URL 添加到 easyRSA 中包含的 x509-types/COMMON 文件中
您将看到文件的默认内容,告诉您如何将其用于 CRL 和 AIA:
https://github.com/OpenVPN/easy-rsa/blob/master/easyrsa3/x509-types/COMMON
# X509 extensions added to every signed cert
# This file is included for every cert signed, and by default does nothing.
# It could be used to add values every cert should have, such as a CDP as
# demonstrated in the following example:
#crlDistributionPoints = URI:http://example.net/pki/my_ca.crl
# The authority information access extension gives details about how to access
# certain information relating to the CA.
#authorityInfoAccess = caIssuers;URI:http://example.net/pki/my_ca.crt