Generate a CSR using a private key stored on Google HSM

Question. Votes: 0, Answers: 1

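I want to generate a CSR using a key stored on Google KMS. I have already generated the key, but I'm not sure how to generate the CSR.

I found examples in Go and Python, but I know nothing about those languages. I tried doing this in the Google Cloud console, but I get an error when trying to run the following command (with my CSR data masked).

Command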

openssl req -new -subj '/E={yourEmail}/CN={companyName}/O={companyName}/' -sha256 -engine pkcs11 -keyform engine -key pkcs11:object={keyName} 

Error log

Invalid engine "pkcs11"
40570CD7CE7C0000:error:12800067:DSO support routines:dlfcn_load:could not load the shared library:../crypto/dso/dso_dlfcn.c:118:filename(/usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so): /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so: cannot open shared object file: No such file or directory
40570CD7CE7C0000:error:12800067:DSO support routines:DSO_load:could not load the shared library:../crypto/dso/dso_lib.c:152:
40570CD7CE7C0000:error:13000084:engine routines:dynamic_load:dso not found:../crypto/engine/eng_dyn.c:422:
40570CD7CE7C0000:error:13000074:engine routines:ENGINE_by_id:no such engine:../crypto/engine/eng_list.c:430:id=pkcs11
40570CD7CE7C0000:error:12800067:DSO support routines:dlfcn_load:could not load the shared library:../crypto/dso/dso_dlfcn.c:118:filename(libpkcs11.so): libpkcs11.so: cannot open shared object file: No such file or directory
40570CD7CE7C0000:error:12800067:DSO support routines:DSO_load:could not load the shared library:../crypto/dso/dso_lib.c:152:
40570CD7CE7C0000:error:13000084:engine routines:dynamic_load:dso not found:../crypto/engine/eng_dyn.c:422:
No engine specified for loading private key
No filename or uri specified for loading private key

google-cloud-platform openssl google-cloud-kms hardware-security-module
1 Answer
0
votes

I'm not sure if this is relevant, but maybe try running the following commands

sudo apt-get update
sudo apt-get install libengine-pkcs11-openssl

I found this at this link: https://cloud.google.com/kms/docs/reference/pkcs11-openssl
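
A preflight check for the error in the question, as an added example that is not part of the original question or answer: it lists the shared objects OpenSSL could not load and verifies the three files an `-engine pkcs11` request depends on. The function names are hypothetical; `PKCS11_MODULE_PATH` and `KMS_PKCS11_CONFIG` are assumed to be set as described in the Cloud KMS PKCS #11 guide linked in the answer.

```shell
#!/bin/sh
# Added example: function names are hypothetical. PKCS11_MODULE_PATH and
# KMS_PKCS11_CONFIG are assumed to follow the Cloud KMS PKCS #11 guide.

# Constructed sample: two abbreviated dlfcn_load lines modelled on the error log.
SAMPLE_LOG='error:12800067:DSO support routines:dlfcn_load:could not load the shared library:filename(/usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so): cannot open shared object file
error:12800067:DSO support routines:dlfcn_load:could not load the shared library:filename(libpkcs11.so): cannot open shared object file'

# List each shared object OpenSSL reported it could not load (deduplicated,
# original order). Works on line-split and run-together logs alike.
missing_libs_from_log() {
    printf '%s\n' "$1" | grep -o 'filename([^)]*)' \
        | sed -e 's/^filename(//' -e 's/)$//' | awk '!seen[$0]++'
}

# Extract the engines directory from the output of `openssl version -e`.
parse_engines_dir() {
    printf '%s\n' "$1" | sed -n 's/^ENGINESDIR: "\(.*\)"$/\1/p'
}

# Check the three files the request needs. Optional $1 overrides the engines
# directory; otherwise it is read from the local OpenSSL build.
preflight() {
    dir=${1:-$(parse_engines_dir "$(openssl version -e 2>/dev/null)")}
    rc=0
    [ -f "$dir/pkcs11.so" ] || {
        echo "engine missing: $dir/pkcs11.so (install libengine-pkcs11-openssl)"
        rc=1
    }
    [ -f "${PKCS11_MODULE_PATH:-}" ] || {
        echo "module missing: PKCS11_MODULE_PATH must name the PKCS #11 library file"
        rc=1
    }
    [ -f "${KMS_PKCS11_CONFIG:-}" ] || {
        echo "config missing: KMS_PKCS11_CONFIG must name the library's YAML config"
        rc=1
    }
    return "$rc"
}

# Show which libraries the sample log says are absent.
missing_libs_from_log "$SAMPLE_LOG"
```

Run `preflight` with no argument on the machine where the `openssl req` command fails; each line it prints names one missing piece.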
