LTS

Innovation Version

Certificates

Overview

An SM certificate is a digital certificate that complies with standards such as Public Key Cryptographic Algorithm SM2 Based on Elliptic Curves and Digital Certificate Format Based on SM2 Algorithm. The OpenSSL software released with openEuler supports SM certificates.

Prerequisites

OpenSSL 1.1.1m-6 or later. You can run the following command to query the OpenSSL version:

$ rpm -qa openssl
openssl-1.1.1m-6.oe2209.x86_64

How to Use

Scenario 1: Generating an SM Certificate

Generate a private key for SM2 signing.

openssl ecparam -genkey -name SM2 -out sm2.key

Generate a signing request.

openssl req -new -sm3 -key sm2.key -out sm2.csr

Generate an SM certificate. You can use -extfile to specify the certificate configuration file.
```
openssl x509 -req -days 3650 -signkey sm2.key -in sm2.csr -out sm2.crt
```
View the certificate information.
```
openssl x509 -text -in sm2.crt
```

Scenario 2: Building a Certificate Chain

Using the x509 Command (Generally Used for Function Tests)

Generate a private key for SM2 signing and a signing request.

openssl ecparam -genkey -name SM2 -out sm2.key
openssl req -new -sm3 -key sm2.key -out sm2.csr

Generate a level-2 certificate based on the level-1 certificate. You can use -extfile to specify the certificate configuration file.
```
openssl x509 -req -sm3 -CAcreateserial -CA ca.crt -CAkey ca.key -in sm2.csr -out sm2.crt
```

Using the CA Configuration File (Generally Used in Formal Scenarios)

Prepare a configuration file for generating a certificate. You can use apps/openssl.cnf in the OpenSSL source code directory.

Generate a self-signed CA certificate.

openssl ecparam -name SM2 -out SM2.pem
openssl req -config ./openssl.cnf -nodes -keyout CA.key -newkey ec:SM2.pem -new -out CA.csr
openssl x509 -sm3 -req -days 30 -in CA.csr -extfile ./openssl.cnf -extensions v3_ca -signkey CA.key -out CA.crt

Generate a level-2 certificate.

openssl req -config ./openssl.cnf -nodes -keyout SS.key -newkey ec:SM2.pem -new -out SS.csr
openssl x509 -sm3 -req -days 30 -in SS.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3_req -out SS.crt -CAcreateserial

Scenario 3: Generating a TLCP Communication Certificate

For details, see chapter "TLCP Stack."

Bug Catching

Buggy Content

Bug Description

Submit As Issue

It's a little complicated....

I'd like to ask someone.

Just a small problem.

I can fix it online!

Bug Type

Specifications and Common Mistakes

● Misspellings or punctuation mistakes;

● Incorrect links, empty cells, or wrong formats;

● Chinese characters in English context;

● Minor inconsistencies between the UI and descriptions;

● Low writing fluency that does not affect understanding;

● Incorrect version numbers, including software package names and version numbers on the UI.

Usability

● Incorrect or missing key steps;

● Missing prerequisites or precautions;

● Ambiguous figures, tables, or texts;

● Unclear logic, such as missing classifications, items, and steps.

Correctness

● Technical principles, function descriptions, or specifications inconsistent with those of the software;

● Incorrect schematic or architecture diagrams;

● Incorrect commands or command parameters;

● Incorrect code;

● Commands inconsistent with the functions;

● Wrong screenshots.

Risk Warnings

● Lack of risk warnings for operations that may damage the system or important data.

Content Compliance

● Contents that may violate applicable laws and regulations or geo-cultural context-sensitive words and expressions;

● Copyright infringement.

We may contact you through email in regard to the bug fixing solution. You will also be notified through email if you win any prize during the activity.