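First, check which key algorithm the P10 certificate uses. This can be looked up on the CFCA website; the lookup link is below.
Certificate Hall (test environment)
The algorithm found this time is SM2-256.
The logic for generating the P10 is roughly: generate an SM2 key with GmSSL, then use that SM2 key to generate the P10 file. The SM2 key is chosen to match the algorithm found for the certificate on the site above.
GmSSL installation guide
After installing it on Linux (this is not limited to Linux):
Generate the key with this command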
gmssl sm2keygen -pass $your_password -out $sm2_name.key
Generate the P10 file from the SM2 key
gmssl reqgen -C CN -ST 浙江省 -L 杭州市 -O XXXX有限公司 -OU 研发部 -CN XXXX -key $sm2_name.key -pass $your_password -out p10.key
View the P10 content
[root@VM-4-12-centos ] cat p10.key
-----BEGIN CERTIFICATE REQUEST-----
xxxxx
-----END CERTIFICATE REQUEST-----
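A check that can be run on the resulting file before it is submitted, as an added example (not from the original post or the GmSSL project): it walks the DER structure of the PKCS#10 request and confirms that the key and the signature are SM2. It assumes the request carries the standard OIDs for id-ecPublicKey, the SM2 curve and SM2-with-SM3; the function names and the sample request are constructed for illustration.

```python
import base64
BEGIN, END = "-----BEGIN CERTIFICATE REQUEST-----", "-----END CERTIFICATE REQUEST-----"
# Assumed OIDs: id-ecPublicKey, sm2p256v1 curve, SM2 signature with SM3 digest
SM2_OIDS = ("1.2.840.10045.2.1", "1.2.156.10197.1.301", "1.2.156.10197.1.501")
# Constructed sample, not from the page: CN=test, all-zero public key and signature.
SAMPLE_DER = bytes.fromhex(
    "308183" "3071" "020100" "300f310d300b0603550403" "0c0474657374"
    "3059" "3013" "06072a8648ce3d0201" "06082a811ccf5501822d"
    "03420004" + "00" * 64 + "a000" "300a06082a811ccf55018375" "03020000")
SAMPLE_PEM = BEGIN + "\n" + base64.b64encode(SAMPLE_DER).decode() + "\n" + END + "\n"

def pem_to_der(pem):
    lines = [l.strip() for l in pem.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not a PKCS#10 PEM block")
    return base64.b64decode("".join(lines[1:-1]), validate=True)

def children(buf):  # direct child elements of a DER value, as (tag, body) pairs
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated DER")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def oid(tag, body):  # dotted form of an OBJECT IDENTIFIER; None for any other element
    if tag != 0x06 or not body:
        return None
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if b < 0x80:  # last byte of this arc
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def csr_algorithms(der):
    """Return the (key algorithm, curve, signature algorithm) OIDs of a PKCS#10 request."""
    (_, req), = children(der)
    (_, info), (_, sig_alg), _signature = children(req)
    spki = children(info)[2][1]  # info: version, subject, subjectPublicKeyInfo, attributes
    key_alg = children(children(spki)[0][1])
    return oid(*key_alg[0]), oid(*key_alg[1]), oid(*children(sig_alg)[0])

def is_sm2_csr(pem):
    return csr_algorithms(pem_to_der(pem)) == SM2_OIDS
```

To check the generated file, call is_sm2_csr(open("p10.key").read()).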
Appendix: command help
usage: gmssl sm2keygen -pass str [-out pem] [-pubout pem]
Options
-pass pass Password to encrypt the private key
-out pem Output password-encrypted PKCS #8 private key in PEM format
-pubout pem Output public key in PEM format
Examples
$ gmssl sm2keygen -pass P@ssw0rd -out sm2.pem
$ gmssl sm2keygen -pass P@ssw0rd -out sm2.pem -pubout sm2pub.pem
usage: gmssl reqgen [-C str] [-ST str] [-L str] [-O str] [-OU str] -CN str -key pem -pass pass [-sm2_id str | -sm2_id_hex hex] [-out pem]
Options
-key file Private key file in PEM format
-pass pass Password for decrypting private key file
-sm2_id str Signer's ID in SM2 signature algorithm
-sm2_id_hex hex Signer's ID in hex format
When `-sm2_id` or `-sm2_id_hex` is specified,
must use the same ID in other commands explicitly.
If neither `-sm2_id` nor `-sm2_id_hex` is specified,
the default string '1234567812345678' is used
-out file Output Certificate Request (CSR) file in PEM format
Subject options
-C str Country
-ST str State or province name
-L str Locality
-O str Organization
-OU str Organizational unit
-CN str Common name
Examples
gmssl sm2keygen -pass P@ssw0rd -out key.pem
gmssl reqgen -CN www.gmssl.org -key key.pem -pass P@ssw0rd -out req.pem