I opened the certs directory of the official demos and saw no .c files. That left me puzzled for a moment.
What is the official project trying to show in this directory?
After reading the README I understood.
This directory shows how to operate on certificates with the openssl.exe command line: create certificates, register them in the CA database, revoke them, and query their status.
The demo uses 3 .sh scripts to show the certificate operations.
mkcerts.sh - a set of operations that creates the certificates and registers them in the CA database
ocsprun.sh - starts an OCSP responder.
ocspquery.sh - asks the OCSP responder whether certificates are valid.
Under cygwin64 all 3 .sh scripts work fine.
But just running the 3 .sh scripts teaches nothing. If you have self-signed certificates of your own to manage, you have to understand every command one by one.
I first translated the 3 .sh into .bat, made one .bat per command, then ran the .bat files one by one and watched the output of each.
After one pass I tidied the .bat files up again; by then I basically understood the certificate operations. It took 2 days.
If you do not reorganize the official .sh scripts, the file names used in the command-line arguments easily get you confused.
Keeping the behaviour identical to the official scripts, I renamed the files to names I can understand and added comments, so later I know what each command line does.
First run mkcerts.sh to create all the certificates the later steps operate on.
Then run ocsprun.sh to start the OCSP responder.
Finally run ocspquery.sh to query the status of the certificates.
In mkcerts.sh, if you only run it once just to see it go, you get 27 operations and a pile of output and cannot understand what the .sh actually does.
Likewise ocspquery.sh has 4 operations; run it once and you learn nothing.
So to understand what these 3 .sh scripts demonstrate, run each command line in them separately yourself and look at the output after each one.
#!/bin/sh
# \file mkcerts.sh
OPENSSL=./openssl
OPENSSL_CONF=./openssl.cnf
export OPENSSL_CONF

# Root CA: create certificate directly
# a1_create_certificate_directly.cmd
# Test root certificate; the private key and the certificate both go into one file (.pem)
# %OPENSSL% req -config ca.cnf -x509 -nodes -keyout root_ca.pem -out root_ca.pem -newkey rsa:2048 -days 3650 > opt_log_A1.txt 2>&1
CN="Test Root CA" $OPENSSL req -config ca.cnf -x509 -nodes -keyout root.pem -out root.pem -newkey rsa:2048 -days 3650

# Intermediate CA: request first
# a2_Intermediate_CA_request_first.cmd
# Intermediate CA certificate - request
# %OPENSSL% req -config ca.cnf -nodes -keyout inter_ca_priv_key.pem -out inter_ca_req.pem -newkey rsa:2048 > opt_log_A2.txt 2>&1
CN="Test Intermediate CA" $OPENSSL req -config ca.cnf -nodes -keyout intkey.pem -out intreq.pem -newkey rsa:2048

# Sign request: CA extensions
# a3_Sign_request_CA_extensions.cmd
# Intermediate CA certificate request - sign it with the root
# %OPENSSL% x509 -req -in inter_ca_req.pem -CA root_ca.pem -days 3600 -extfile ca.cnf -extensions v3_ca -CAcreateserial -out inter_ca_req_sign.pem > opt_log_A3.txt 2>&1
$OPENSSL x509 -req -in intreq.pem -CA root.pem -days 3600 -extfile ca.cnf -extensions v3_ca -CAcreateserial -out intca.pem

# Server certificate: create request first
# a4_Server_certificate_create_request_first.cmd
# Server certificate request
# %OPENSSL% req -config ca.cnf -nodes -keyout server_priv_key.pem -out server_req.pem -newkey rsa:1024 > opt_log_A4.txt 2>&1
CN="Test Server Cert" $OPENSSL req -config ca.cnf -nodes -keyout skey.pem -out req.pem -newkey rsa:1024

# Sign request: end entity extensions
# a5_Sign_request_end_entity_extensions.cmd
# Sign the server certificate request with the intermediate CA
# %OPENSSL% x509 -req -in server_req.pem -CA inter_ca_req_sign.pem -CAkey inter_ca_priv_key.pem -days 3600 -extfile ca.cnf -extensions usr_cert -CAcreateserial -out server_req_sign.pem > opt_log_A5.txt 2>&1
$OPENSSL x509 -req -in req.pem -CA intca.pem -CAkey intkey.pem -days 3600 -extfile ca.cnf -extensions usr_cert -CAcreateserial -out server.pem

# Client certificate: request first
# a6_Client_certificate_request_first.cmd
# Client certificate request
# %OPENSSL% req -config ca.cnf -nodes -keyout client_priv_key.pem -out client_req.pem -newkey rsa:1024 > opt_log_A6.txt 2>&1
CN="Test Client Cert" $OPENSSL req -config ca.cnf -nodes -keyout ckey.pem -out creq.pem -newkey rsa:1024

# Sign using intermediate CA
# a7_Sign_using_intermediate_CA.cmd
# Sign the client certificate request with the intermediate CA
# %OPENSSL% x509 -req -in client_req.pem -CA inter_ca_req_sign.pem -CAkey inter_ca_priv_key.pem -days 3600 -extfile ca.cnf -extensions usr_cert -CAcreateserial -out client_req_sign.pem > opt_log_A7.txt 2>&1
$OPENSSL x509 -req -in creq.pem -CA intca.pem -CAkey intkey.pem -days 3600 -extfile ca.cnf -extensions usr_cert -CAcreateserial -out client.pem

# Revoked certificate: request first
# a8_Revoked_certificate_request_first.cmd
# Request for the certificate that will be revoked later
# %OPENSSL% req -config ca.cnf -nodes -keyout revoke_priv_key.pem -out revoke_req.pem -newkey rsa:1024 > opt_log_A8.txt 2>&1
CN="Test Revoked Cert" $OPENSSL req -config ca.cnf -nodes -keyout revkey.pem -out rreq.pem -newkey rsa:1024

# Sign using intermediate CA
# a9_Sign_using_intermediate_CA.cmd
# Sign the request for the to-be-revoked certificate
# %OPENSSL% x509 -req -in revoke_req.pem -CA inter_ca_req_sign.pem -CAkey inter_ca_priv_key.pem -days 3600 -extfile ca.cnf -extensions usr_cert -CAcreateserial -out revoke_req_sign.pem > opt_log_A9.txt 2>&1
$OPENSSL x509 -req -in rreq.pem -CA intca.pem -CAkey intkey.pem -days 3600 -extfile ca.cnf -extensions usr_cert -CAcreateserial -out rev.pem

# OCSP responder certificate: request first
# a10_OCSP_responder_certificate_request_first.cmd
# OCSP responder certificate request
# %OPENSSL% req -config ca.cnf -nodes -keyout ocsp_priv_key.pem -out ocsp_req.pem -newkey rsa:1024 > opt_log_A10.txt 2>&1
CN="Test OCSP Responder Cert" $OPENSSL req -config ca.cnf -nodes -keyout respkey.pem -out respreq.pem -newkey rsa:1024

# Sign using intermediate CA and responder extensions
# a11_Sign_using_intermediate_CA_and_responder_extensions.cmd
# Sign the OCSP responder certificate request (ocsp_cert extensions mark it as an OCSP signer)
# %OPENSSL% x509 -req -in ocsp_req.pem -CA inter_ca_req_sign.pem -CAkey inter_ca_priv_key.pem -days 3600 -extfile ca.cnf -extensions ocsp_cert -CAcreateserial -out ocsp_req_sign.pem > opt_log_A11.txt 2>&1
$OPENSSL x509 -req -in respreq.pem -CA intca.pem -CAkey intkey.pem -days 3600 -extfile ca.cnf -extensions ocsp_cert -CAcreateserial -out resp.pem

# Example creating a PKCS#3 DH certificate.
# First DH parameters
# a12_First_DH_parameters.cmd
# Generate the DH parameter file
# %OPENSSL% genpkey -genparam -algorithm DH -pkeyopt dh_paramgen_prime_len:1024 -out dh_param.pem > opt_log_A12.txt 2>&1
[ -f dhp.pem ] || $OPENSSL genpkey -genparam -algorithm DH -pkeyopt dh_paramgen_prime_len:1024 -out dhp.pem

# Now a DH private key
# a13_Now_a_DH_private_key.cmd
# Generate the DH private key
# %OPENSSL% genpkey -paramfile dh_param.pem -out dh_priv_key.pem > opt_log_A13.txt 2>&1
$OPENSSL genpkey -paramfile dhp.pem -out dhskey.pem

# Create DH public key file
# a14_Create_DH_public_key_file.cmd
# Generate the DH public key
# %OPENSSL% pkey -in dh_priv_key.pem -pubout -out dh_pub_key.pem > opt_log_A14.txt 2>&1
$OPENSSL pkey -in dhskey.pem -pubout -out dhspub.pem

# Certificate request, key just reuses old one as it is ignored when the request is signed
# a15_dh_cert_req.cmd
# DH certificate request, signed with the server's RSA key: a DH key cannot sign a request, and the request's public key is replaced at signing time anyway
# %OPENSSL% req -config ca.cnf -new -key server_priv_key.pem -out dh_req.pem > opt_log_A15.txt 2>&1
CN="Test Server DH Cert" $OPENSSL req -config ca.cnf -new -key skey.pem -out dhsreq.pem

# Sign request: end entity DH extensions
# a16_Sign_dh_req.cmd
# Sign the DH certificate request; -force_pubkey puts the DH public key into the certificate in place of the RSA key from the request
# %OPENSSL% x509 -req -in dh_req.pem -CA root_ca.pem -days 3600 -force_pubkey dh_pub_key.pem -extfile ca.cnf -extensions dh_cert -CAcreateserial -out dh_req_sign.pem > opt_log_A16.txt 2>&1
$OPENSSL x509 -req -in dhsreq.pem -CA root.pem -days 3600 -force_pubkey dhspub.pem -extfile ca.cnf -extensions dh_cert -CAcreateserial -out dhserver.pem

# DH client certificate
# a17_gen_dh_client_priv_key.cmd
# Generate the DH client private key
# %OPENSSL% genpkey -paramfile dh_param.pem -out dh_client_priv_key.pem > opt_log_A17.txt 2>&1
$OPENSSL genpkey -paramfile dhp.pem -out dhckey.pem

# a18_gen_dh_client_pub_key.cmd
# Generate the DH client public key
# %OPENSSL% pkey -in dh_client_priv_key.pem -pubout -out dh_client_pub_key.pem > opt_log_A18.txt 2>&1
$OPENSSL pkey -in dhckey.pem -pubout -out dhcpub.pem

# a19_dh_clint_cert_req.cmd
# DH client certificate request (again signed with the server's RSA key, see a15)
# %OPENSSL% req -config ca.cnf -new -key server_priv_key.pem -out dh_client_req.pem > opt_log_A19.txt 2>&1
CN="Test Client DH Cert" $OPENSSL req -config ca.cnf -new -key skey.pem -out dhcreq.pem

# a20_dh_client_cert_sign.cmd
# Sign the DH client certificate request
# %OPENSSL% x509 -req -in dh_client_req.pem -CA root_ca.pem -days 3600 -force_pubkey dh_client_pub_key.pem -extfile ca.cnf -extensions dh_cert -CAcreateserial -out dh_client_req_sign.pem > opt_log_A20.txt 2>&1
$OPENSSL x509 -req -in dhcreq.pem -CA root.pem -days 3600 -force_pubkey dhcpub.pem -extfile ca.cnf -extensions dh_cert -CAcreateserial -out dhclient.pem

# Examples of CRL generation without the need to use 'ca' to issue certificates.
# Create zero length index file
# a21_gen_crl_without_ca.cmd
# Create the database the local CA needs (an empty index.txt and a crlnum.txt containing 01)
>index.txt
# Create initial crl number file
echo 01 >crlnum.txt

# Add entries for server and client certs
# a22_add_cert_sha1_server.cmd
# Register the server certificate in the local CA database (its entry is written to index.txt)
# %OPENSSL% ca -valid server_req_sign.pem -keyfile root_ca.pem -cert root_ca.pem -config ca.cnf -md sha1 > opt_log_A22.txt 2>&1
$OPENSSL ca -valid server.pem -keyfile root.pem -cert root.pem -config ca.cnf -md sha1

# a23_add_cert_sha1_client.cmd
# Register the client certificate in the local CA database (its entry is written to index.txt)
# %OPENSSL% ca -valid client_req_sign.pem -keyfile root_ca.pem -cert root_ca.pem -config ca.cnf -md sha1 > opt_log_A23.txt 2>&1
$OPENSSL ca -valid client.pem -keyfile root.pem -cert root.pem -config ca.cnf -md sha1

# a24_add_cert_sha1_revoke.cmd
# Register the to-be-revoked certificate in the local CA database (its entry is written to index.txt)
# %OPENSSL% ca -valid revoke_req_sign.pem -keyfile root_ca.pem -cert root_ca.pem -config ca.cnf -md sha1 > opt_log_A24.txt 2>&1
$OPENSSL ca -valid rev.pem -keyfile root.pem -cert root.pem -config ca.cnf -md sha1

# Generate a CRL.
# a25_gen_crl.cmd
# Generate the certificate revocation list (nothing is revoked yet, so this one is empty)
# %OPENSSL% ca -gencrl -keyfile root_ca.pem -cert root_ca.pem -config ca.cnf -md sha1 -crldays 1 -out crl_cert_list.pem > opt_log_A25.txt 2>&1
$OPENSSL ca -gencrl -keyfile root.pem -cert root.pem -config ca.cnf -md sha1 -crldays 1 -out crl1.pem

# Revoke a certificate
# a26_revoke_cert.cmd
# Revoke one certificate (its index.txt entry changes from V to R with the reason)
# %OPENSSL% ca -revoke revoke_req_sign.pem -crl_reason superseded -keyfile root_ca.pem -cert root_ca.pem -config ca.cnf -md sha1 > opt_log_A26.txt 2>&1
$OPENSSL ca -revoke rev.pem -crl_reason superseded -keyfile root.pem -cert root.pem -config ca.cnf -md sha1

# Generate another CRL
# a27_gen_crl_new_one.cmd
# After revoking a certificate, a new CRL has to be generated so other applications can check whether a certificate is revoked.
# In real use the CRL keeps the same file name; this is an experiment, so the new list gets a different name to show it is the CRL produced after the revocation
# %OPENSSL% ca -gencrl -keyfile root_ca.pem -cert root_ca.pem -config ca.cnf -md sha1 -crldays 1 -out crl_cert_list_1.pem > opt_log_A27.txt 2>&1
$OPENSSL ca -gencrl -keyfile root.pem -cert root.pem -config ca.cnf -md sha1 -crldays 1 -out crl2.pem
# \file ocsprun.sh
# Example of running and querying OpenSSL test OCSP responder.
# This assumes "mkcerts.sh" or similar has been run to set up the
# necessary file structure.
OPENSSL=../../apps/openssl
OPENSSL_CONF=../../apps/openssl.cnf
export OPENSSL_CONF
# Run OCSP responder.
PORT=8888
# %OPENSSL% ocsp -port %PORT% -index index.txt -CA inter_ca_req_sign.pem -rsigner ocsp_req_sign.pem -rkey ocsp_priv_key.pem -rother inter_ca_req_sign.pem
$OPENSSL ocsp -port $PORT -index index.txt -CA intca.pem -rsigner resp.pem -rkey respkey.pem -rother intca.pem $*
# \file ocspquery.sh
# Example querying OpenSSL test responder. Assumes ocsprun.sh has been
# called.
OPENSSL=../../apps/openssl
OPENSSL_CONF=../../apps/openssl.cnf
export OPENSSL_CONF

# Send responder queries for each certificate.
echo "Requesting OCSP status for each certificate"

# query1.cmd
# %OPENSSL% ocsp -issuer inter_ca_req_sign.pem -cert client_req_sign.pem -CAfile root_ca.pem -url http://127.0.0.1:8888/ > opt_log_query1.txt 2>&1
$OPENSSL ocsp -issuer intca.pem -cert client.pem -CAfile root.pem -url http://127.0.0.1:8888/

# query2.cmd
# %OPENSSL% ocsp -issuer inter_ca_req_sign.pem -cert server_req_sign.pem -CAfile root_ca.pem -url http://127.0.0.1:8888/ > opt_log_query2.txt 2>&1
$OPENSSL ocsp -issuer intca.pem -cert server.pem -CAfile root.pem -url http://127.0.0.1:8888/

# query3.cmd
# %OPENSSL% ocsp -issuer inter_ca_req_sign.pem -cert revoke_req_sign.pem -CAfile root_ca.pem -url http://127.0.0.1:8888/ > opt_log_query3.txt 2>&1
$OPENSSL ocsp -issuer intca.pem -cert rev.pem -CAfile root.pem -url http://127.0.0.1:8888/

# One query for all three certificates.
echo "Requesting OCSP status for three certificates in one request"
# query_all.cmd
# %OPENSSL% ocsp -issuer inter_ca_req_sign.pem -cert client_req_sign.pem -cert server_req_sign.pem -cert revoke_req_sign.pem -CAfile root_ca.pem -url http://127.0.0.1:8888/ > opt_log_query_all.txt 2>&1
$OPENSSL ocsp -issuer intca.pem -cert client.pem -cert server.pem -cert rev.pem -CAfile root.pem -url http://127.0.0.1:8888/
@echo off
rem \file a1_create_certificate_directly.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem Root CA: create certificate directly
set "CN=Test Root CA"
rem # set "VAR=value" keeps the quotes out of the value; set CN="..." would put literal quote characters into the subject CN
rem # Test root certificate; the private key and the certificate both go into one file (.pem)
%OPENSSL% req -config ca.cnf -x509 -nodes -keyout root_ca.pem -out root_ca.pem -newkey rsa:2048 -days 3650 > opt_log_A1.txt 2>&1
@echo off
rem \file a2_Intermediate_CA_request_first.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem Intermediate CA: request first
set "CN=Test Intermediate CA"
rem # Intermediate CA certificate - request
%OPENSSL% req -config ca.cnf -nodes -keyout inter_ca_priv_key.pem -out inter_ca_req.pem -newkey rsa:2048 > opt_log_A2.txt 2>&1
@echo off
rem \file a3_Sign_request_CA_extensions.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem Sign request: CA extensions
rem # Intermediate CA certificate request - sign it with the root
%OPENSSL% x509 -req -in inter_ca_req.pem -CA root_ca.pem -days 3600 -extfile ca.cnf -extensions v3_ca -CAcreateserial -out inter_ca_req_sign.pem > opt_log_A3.txt 2>&1
@echo off
rem \file a4_Server_certificate_create_request_first.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem Server certificate: create request first
set "CN=Test Server Cert"
rem # Server certificate request
rem # Except for the root CA in this demo, every CA and server keeps its private key and certificate in separate files, not in one .pem
%OPENSSL% req -config ca.cnf -nodes -keyout server_priv_key.pem -out server_req.pem -newkey rsa:1024 > opt_log_A4.txt 2>&1
@echo off
rem \file a5_Sign_request_end_entity_extensions.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem Sign request: end entity extensions
rem # Sign the server certificate request with the intermediate CA
%OPENSSL% x509 -req -in server_req.pem -CA inter_ca_req_sign.pem -CAkey inter_ca_priv_key.pem -days 3600 ^
-extfile ca.cnf -extensions usr_cert -CAcreateserial -out server_req_sign.pem > opt_log_A5.txt 2>&1
@echo off
rem \file a6_Client_certificate_request_first.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem echo OPENSSL_CONF = %OPENSSL_CONF%
rem Client certificate: request first
set "CN=Test Client Cert"
rem # Client certificate request
%OPENSSL% req -config ca.cnf -nodes -keyout client_priv_key.pem -out client_req.pem -newkey rsa:1024 > opt_log_A6.txt 2>&1
@echo off
rem \file a7_Sign_using_intermediate_CA.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem Sign using intermediate CA
rem # Sign the client certificate request with the intermediate CA
%OPENSSL% x509 -req -in client_req.pem -CA inter_ca_req_sign.pem -CAkey inter_ca_priv_key.pem -days 3600 -extfile ca.cnf -extensions usr_cert -CAcreateserial -out client_req_sign.pem > opt_log_A7.txt 2>&1
@echo off
rem \file a8_Revoked_certificate_request_first.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem Revoked certificate: request first
set "CN=Test Revoked Cert"
rem # Request for the certificate that will be revoked later
%OPENSSL% req -config ca.cnf -nodes -keyout revoke_priv_key.pem -out revoke_req.pem -newkey rsa:1024 > opt_log_A8.txt 2>&1
@echo off
rem \file a9_Sign_using_intermediate_CA.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem Sign using intermediate CA
rem # Sign the request for the to-be-revoked certificate
%OPENSSL% x509 -req -in revoke_req.pem -CA inter_ca_req_sign.pem -CAkey inter_ca_priv_key.pem -days 3600 -extfile ca.cnf -extensions usr_cert -CAcreateserial -out revoke_req_sign.pem > opt_log_A9.txt 2>&1
@echo off
rem \file a10_OCSP_responder_certificate_request_first.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem OCSP responder certificate: request first
set "CN=Test OCSP Responder Cert"
rem # OCSP responder certificate request
%OPENSSL% req -config ca.cnf -nodes -keyout ocsp_priv_key.pem -out ocsp_req.pem -newkey rsa:1024 > opt_log_A10.txt 2>&1
@echo off
rem \file a11_Sign_using_intermediate_CA_and_responder_extensions.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem Sign using intermediate CA and responder extensions
rem # Sign the OCSP responder certificate request (ocsp_cert extensions mark it as an OCSP signer)
%OPENSSL% x509 -req -in ocsp_req.pem -CA inter_ca_req_sign.pem -CAkey inter_ca_priv_key.pem -days 3600 -extfile ca.cnf -extensions ocsp_cert -CAcreateserial -out ocsp_req_sign.pem > opt_log_A11.txt 2>&1
@echo off
rem \file a12_First_DH_parameters.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem echo OPENSSL_CONF = %OPENSSL_CONF%
rem First DH parameters
del /Q .\dh_param.pem > nul 2>&1
rem # Generate the DH parameter file
%OPENSSL% genpkey -genparam -algorithm DH -pkeyopt dh_paramgen_prime_len:1024 -out dh_param.pem > opt_log_A12.txt 2>&1
@echo off
rem \file a13_Now_a_DH_private_key.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem Now a DH private key
rem # Generate the DH private key
%OPENSSL% genpkey -paramfile dh_param.pem -out dh_priv_key.pem > opt_log_A13.txt 2>&1
@echo off
rem \file a14_Create_DH_public_key_file.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem Create DH public key file
rem # Generate the DH public key
%OPENSSL% pkey -in dh_priv_key.pem -pubout -out dh_pub_key.pem > opt_log_A14.txt 2>&1
@echo off
rem \file a15_dh_cert_req.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem Certificate request, key just reuses old one as it is ignored when the request is signed
set "CN=Test Server DH Cert"
rem # The key used here must be the server certificate's RSA private key, not the DH private key, or req fails:
rem # a DH key cannot sign, and a request has to be self-signed. The DH public key goes in at signing time via -force_pubkey (a16)
rem # DH certificate request
%OPENSSL% req -config ca.cnf -new -key server_priv_key.pem -out dh_req.pem > opt_log_A15.txt 2>&1
@echo off
rem \file a16_Sign_dh_req.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem Sign request: end entity DH extensions
rem # Sign the DH certificate request
rem # -force_pubkey puts the DH public key into the issued certificate in place of the RSA key that signed the request
%OPENSSL% x509 -req -in dh_req.pem -CA root_ca.pem -days 3600 -force_pubkey dh_pub_key.pem -extfile ca.cnf -extensions dh_cert -CAcreateserial -out dh_req_sign.pem > opt_log_A16.txt 2>&1
@echo off
rem \file a17_gen_dh_client_priv_key.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem DH client certificate
rem # Generate the DH client private key
%OPENSSL% genpkey -paramfile dh_param.pem -out dh_client_priv_key.pem > opt_log_A17.txt 2>&1
@echo off
rem \file a18_gen_dh_client_pub_key.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem DH client certificate
rem # Generate the DH client public key
%OPENSSL% pkey -in dh_client_priv_key.pem -pubout -out dh_client_pub_key.pem > opt_log_A18.txt 2>&1
@echo off
rem \file a19_dh_clint_cert_req.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem echo OPENSSL_CONF = %OPENSSL_CONF%
rem DH client certificate
set "CN=Test Client DH Cert"
rem # DH client certificate request (again signed with the server's RSA key, see a15)
%OPENSSL% req -config ca.cnf -new -key server_priv_key.pem -out dh_client_req.pem > opt_log_A19.txt 2>&1
@echo off
rem \file a20_dh_client_cert_sign.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem DH client certificate
rem # Sign the DH client certificate request
%OPENSSL% x509 -req -in dh_client_req.pem -CA root_ca.pem -days 3600 -force_pubkey dh_client_pub_key.pem -extfile ca.cnf -extensions dh_cert -CAcreateserial -out dh_client_req_sign.pem > opt_log_A20.txt 2>&1
@echo off
rem \file a21_gen_crl_without_ca.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem # Examples of CRL generation without the need to use 'ca' to issue certificates.
rem # Create the database the local CA needs (an empty index.txt and a crlnum.txt containing 01)
rem # Create zero length index file
cd. > index.txt
rem # Create initial crl number file
rem # The redirect goes first: "echo 01 > crlnum.txt" would write "01 " with a trailing space, which is not a valid hex number for openssl ca
>crlnum.txt echo 01
@echo off
rem \file a22_add_cert_sha1_server.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem Add entries for server and client certs
rem # Register the server certificate in the local CA database (its entry is written to index.txt)
%OPENSSL% ca -valid server_req_sign.pem -keyfile root_ca.pem -cert root_ca.pem -config ca.cnf -md sha1 > opt_log_A22.txt 2>&1
@echo off
rem \file a23_add_cert_sha1_client.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem Add entries for server and client certs
rem # Register the client certificate in the local CA database (its entry is written to index.txt)
%OPENSSL% ca -valid client_req_sign.pem -keyfile root_ca.pem -cert root_ca.pem -config ca.cnf -md sha1 > opt_log_A23.txt 2>&1
@echo off
rem \file a24_add_cert_sha1_revoke.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem Add entries for server and client certs
rem # Register the to-be-revoked certificate in the local CA database (its entry is written to index.txt)
%OPENSSL% ca -valid revoke_req_sign.pem -keyfile root_ca.pem -cert root_ca.pem -config ca.cnf -md sha1 > opt_log_A24.txt 2>&1
@echo off
rem \file a25_gen_crl.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem Generate a CRL
rem # Generate the certificate revocation list; nothing has been revoked yet, so this first list is empty
%OPENSSL% ca -gencrl -keyfile root_ca.pem -cert root_ca.pem -config ca.cnf -md sha1 -crldays 1 -out crl_cert_list.pem > opt_log_A25.txt 2>&1
@echo off
rem \file a26_revoke_cert.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem Revoke a certificate
rem # Revoke one certificate: its index.txt entry changes from V to R with the revocation time and reason; the certificate file itself is unchanged
%OPENSSL% ca -revoke revoke_req_sign.pem -crl_reason superseded -keyfile root_ca.pem -cert root_ca.pem -config ca.cnf -md sha1 > opt_log_A26.txt 2>&1
@echo off
rem \file a27_gen_crl_new_one.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem Generate another CRL
rem # After revoking a certificate, a new CRL has to be generated so other applications can check whether a certificate is revoked.
rem # In real use the CRL keeps the same file name; this is an experiment, so the new list gets a different name to show it is the CRL produced after the revocation
%OPENSSL% ca -gencrl -keyfile root_ca.pem -cert root_ca.pem -config ca.cnf -md sha1 -crldays 1 -out crl_cert_list_1.pem > opt_log_A27.txt 2>&1
Simulates mkcerts.sh: calls the 27 separate .bat files in turn.
rem \file run_ax_bat.cmd
call a1_create_certificate_directly.cmd
call a2_Intermediate_CA_request_first.cmd
call a3_Sign_request_CA_extensions.cmd
call a4_Server_certificate_create_request_first.cmd
call a5_Sign_request_end_entity_extensions.cmd
call a6_Client_certificate_request_first.cmd
call a7_Sign_using_intermediate_CA.cmd
call a8_Revoked_certificate_request_first.cmd
call a9_Sign_using_intermediate_CA.cmd
call a10_OCSP_responder_certificate_request_first.cmd
call a11_Sign_using_intermediate_CA_and_responder_extensions.cmd
call a12_First_DH_parameters.cmd
call a13_Now_a_DH_private_key.cmd
call a14_Create_DH_public_key_file.cmd
call a15_dh_cert_req.cmd
call a16_Sign_dh_req.cmd
call a17_gen_dh_client_priv_key.cmd
call a18_gen_dh_client_pub_key.cmd
call a19_dh_clint_cert_req.cmd
call a20_dh_client_cert_sign.cmd
call a21_gen_crl_without_ca.cmd
call a22_add_cert_sha1_server.cmd
call a23_add_cert_sha1_client.cmd
call a24_add_cert_sha1_revoke.cmd
call a25_gen_crl.cmd
call a26_revoke_cert.cmd
call a27_gen_crl_new_one.cmd
ECHO END
pause
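Steps a21 to a27 above, and the batch files that mirror them, all revolve around index.txt, the flat-file CA database that ocsprun.cmd later serves with -index. The script below is an added example, not part of the OpenSSL demos or of the batch files on this page: it writes a constructed index.txt of the same shape (the serials and subjects are invented) and looks a serial up the way the responder does. `write_sample_index` and `index_status` are this example's own helpers.

```shell
#!/bin/sh
# Added example (not from the OpenSSL demos): the CA database that
# "openssl ca -valid" / "-revoke" maintain and that "openssl ocsp -index"
# serves. One record per line, tab-separated:
#   status (V valid, R revoked, E expired)   expiry   revocation_time[,reason]
#   serial (upper-case hex, as the certificate carries it)   file   subject DN
set -eu

TAB=$(printf '\t')

# write_sample_index FILE: constructed index shaped like the one mkcerts.sh
# leaves behind after a22-a26 (serials and subjects are invented).
write_sample_index() {
  {
    printf 'V\t340101000000Z\t\t1001\tunknown\t/CN=Test Server Cert\n'
    printf 'V\t340101000000Z\t\t1002\tunknown\t/CN=Test Client Cert\n'
    printf 'R\t340101000000Z\t240501120000Z,superseded\t1003\tunknown\t/CN=Test Revoked Cert\n'
    printf 'E\t200101000000Z\t\t1004\tunknown\t/CN=Test Expired Cert\n'
  } > "$1"
}

# index_status FILE SERIAL -> good | revoked [reason] | expired | unknown
# ca(1) stores and looks serials up as upper-case hex and its index
# comparison skips leading zeros, so the input is normalised the same way.
# Get SERIAL from a certificate with: openssl x509 -noout -serial -in cert.pem
index_status() {
  want=$(printf '%s' "$2" | tr 'a-f' 'A-F' | sed 's/^0*//')
  awk -F "$TAB" -v want="$want" '
    { serial = $4; sub(/^0+/, "", serial) }
    serial != want { next }
    $1 == "V" { print "good"; found = 1; exit }
    $1 == "R" { n = split($3, rev, ","); msg = "revoked"
                if (n > 1) msg = msg " " rev[2]; print msg; found = 1; exit }
    { print "expired"; found = 1; exit }   # "E" is what "openssl ca -updatedb" writes
    END { if (!found) print "unknown" }
  ' "$1"
}

# Stand-alone run: build the sample index and query a few serials.
idx=$(mktemp)
write_sample_index "$idx"
for s in 1001 1003 1004 1a2b; do
  printf '%s -> %s\n' "$s" "$(index_status "$idx" "$s")"
done
rm -f "$idx"
```

Point it at a real database with `index_status index.txt 1A2B3C` after a22 to a26 have run; the revoked certificate comes back as `revoked superseded`, which is the same information the responder turns into the `revoked` / `Reason: superseded` lines that ocspquery prints.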
@echo off
rem \file ocsprun.cmd
rem # Example of running and querying OpenSSL test OCSP responder.
rem # This assumes "mkcerts.sh" or similar has been run to set up the
rem # necessary file structure.
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem # Run OCSP responder.
rem # -index is the database the answers come from, -CA the issuer the request IDs are matched against,
rem # -rsigner/-rkey sign the response, and -rother sends the intermediate CA along so the client can chain the responder certificate up to root_ca.pem
set PORT=8888
%OPENSSL% ocsp -port %PORT% -index index.txt -CA inter_ca_req_sign.pem -rsigner ocsp_req_sign.pem -rkey ocsp_priv_key.pem -rother inter_ca_req_sign.pem
@echo off
rem \file query1.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem echo OPENSSL_CONF = %OPENSSL_CONF%
rem # Ask the responder for the status of the client certificate; -CAfile root_ca.pem is what the response signature is verified against
@echo "Requesting OCSP status for each certificate"
%OPENSSL% ocsp -issuer inter_ca_req_sign.pem -cert client_req_sign.pem -CAfile root_ca.pem -url http://127.0.0.1:8888/ > opt_log_query1.txt 2>&1
@echo off
rem \file query2.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem echo OPENSSL_CONF = %OPENSSL_CONF%
rem # Ask the responder for the status of the server certificate
@echo "Requesting OCSP status for each certificate"
%OPENSSL% ocsp -issuer inter_ca_req_sign.pem -cert server_req_sign.pem -CAfile root_ca.pem -url http://127.0.0.1:8888/ > opt_log_query2.txt 2>&1
@echo off
rem \file query3.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem echo OPENSSL_CONF = %OPENSSL_CONF%
rem # Ask the responder for the status of the revoked certificate; expect "revoked" with reason superseded
@echo "Requesting OCSP status for each certificate"
%OPENSSL% ocsp -issuer inter_ca_req_sign.pem -cert revoke_req_sign.pem -CAfile root_ca.pem -url http://127.0.0.1:8888/ > opt_log_query3.txt 2>&1
@echo off
rem \file query_all.cmd
set OPENSSL=.\openssl
set OPENSSL_CONF=.\openssl.cnf
rem echo OPENSSL_CONF = %OPENSSL_CONF%
rem # One request carrying all three certificates; the response has one status per certificate
@echo "Requesting OCSP status for three certificates in one request"
%OPENSSL% ocsp -issuer inter_ca_req_sign.pem -cert client_req_sign.pem -cert server_req_sign.pem -cert revoke_req_sign.pem -CAfile root_ca.pem -url http://127.0.0.1:8888/ > opt_log_query_all.txt 2>&1
Even issuing a single certificate takes more than one openssl.exe command line: a request, then a signing step (only the self-signed root CA is done in one command).
Two things to keep in mind before copying these commands into anything real: the demo deliberately uses test-grade settings (-md sha1, rsa:1024, -nodes for unencrypted private keys, and the root key stored in the same .pem as the root certificate); and a22 to a27 sign the CRL with the root key although the certificates were issued by the intermediate CA, so a verifier looking for the issuer's CRL will not find one for them (the OCSP responder is unaffected, because it answers from index.txt rather than from the CRL).
Notes on the official operations, grouped by step.
a1_create_certificate_directly.cmd  one step: generates the root CA certificate and private key.
a2_Intermediate_CA_request_first.cmd  intermediate CA certificate, request: generates the intermediate CA private key and request
a3_Sign_request_CA_extensions.cmd  intermediate CA certificate, sign: signs the request, producing the final intermediate CA certificate
a4_Server_certificate_create_request_first.cmd  server certificate request: generates the server private key and request.
a5_Sign_request_end_entity_extensions.cmd  signs the server certificate request, giving the final usable server certificate
a6_Client_certificate_request_first.cmd  client certificate request: generates the client private key and request
a7_Sign_using_intermediate_CA.cmd  signs the client certificate request with the intermediate CA, giving the final usable client certificate.
a8_Revoked_certificate_request_first.cmd  request for the certificate to be revoked: generates its private key and request
a9_Sign_using_intermediate_CA.cmd  signs that request, giving the certificate used for the revocation demo.
a10_OCSP_responder_certificate_request_first.cmd  OCSP responder certificate request: private key and request
a11_Sign_using_intermediate_CA_and_responder_extensions.cmd  signs the OCSP responder request, giving the final usable OCSP responder certificate
a12_First_DH_parameters.cmd  generates the DH parameter file
a13_Now_a_DH_private_key.cmd  generates the DH private key
a14_Create_DH_public_key_file.cmd  generates the DH public key
a15_dh_cert_req.cmd  generates the DH certificate request
a16_Sign_dh_req.cmd  signs the DH certificate request, giving the final usable DH server certificate
a17_gen_dh_client_priv_key.cmd  generates the DH client private key
a18_gen_dh_client_pub_key.cmd  generates the DH client public key
a19_dh_clint_cert_req.cmd  DH client certificate request
a20_dh_client_cert_sign.cmd  signs the DH client certificate request, giving the final usable DH client certificate
a21_gen_crl_without_ca.cmd  creates the database the local CA needs (an empty index.txt and a crlnum.txt containing 01)
a22_add_cert_sha1_server.cmd  registers the server certificate in the local CA database (writes its entry to index.txt)
a23_add_cert_sha1_client.cmd  registers the client certificate in the local CA database (writes its entry to index.txt)
a24_add_cert_sha1_revoke.cmd  registers the to-be-revoked certificate in the local CA database (writes its entry to index.txt)
a25_gen_crl.cmd  generates the certificate revocation list (after issuing N new certificates, register them all, then regenerate the CRL).
a26_revoke_cert.cmd  revokes the certificate; from then on that certificate is dead.
a27_gen_crl_new_one.cmd  after revoking a certificate, a new CRL must be generated so other applications can check whether a certificate is revoked. In real use the CRL keeps the same file name; this is an experiment, so the new list gets a different name to show it is the CRL produced after the revocation
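What the 27 steps and the two OCSP scripts never do is check the result: nothing verifies the issued chain, nothing tests a certificate against the CRL, and the OCSP exchange needs a responder listening on port 8888. The script below is an added example written for this page, not taken from the OpenSSL demos. It builds the same kind of root, intermediate, server, to-be-revoked and OCSP-responder certificates, registers and revokes through index.txt, and then performs those checks with openssl verify and an OCSP request/response round trip done through files (-reqout, -reqin, -respout, -respin). Its ca.cnf is a constructed minimum whose section names (v3_ca, usr_cert, ocsp_cert) match the demo's; it deliberately uses sha256 and RSA-2048 rather than the demo's sha1 and rsa:1024, keeps the root key in its own file, and signs the CRL with the intermediate that issued the certificates, because that is the CRL a verifier goes looking for. `demo_pki` and `has` are this example's own functions; the DH certificates (a12 to a20) are not reproduced.

```shell
#!/bin/sh
# Added example, not one of the demos/certs scripts: the mkcerts.sh ->
# ocsprun.sh -> ocspquery.sh flow compressed into one run, followed by the
# checks the demo never performs. The ca.cnf written here is a constructed
# stand-in for the demo's ca.cnf (section names match the demo). Deliberate
# differences from the demo: sha256 and RSA-2048 instead of sha1 and RSA-1024,
# the root key in its own file, the CRL signed by the certificates' actual
# issuer, and OCSP exchanged through files instead of port 8888.
set -eu

has() { case $1 in *"$2"*) return 0 ;; esac; return 1; }   # substring test

demo_pki() (   # subshell body, so the cd below does not leak to the caller
  work=$(mktemp -d); cd "$work"; echo "work dir: $work" >&2
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = req_dn
x509_extensions = v3_ca
prompt = no
[ req_dn ]
CN = placeholder
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[ usr_cert ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
[ ocsp_cert ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = OCSPSigning
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
crlnumber = crlnum.txt
default_md = sha256
EOF
  # a1: self-signed root.  a2/a3: intermediate request, signed with v3_ca.
  openssl req -config ca.cnf -x509 -nodes -newkey rsa:2048 -days 3650 \
    -subj "/CN=Test Root CA" -keyout rootkey.pem -out root.pem 2>/dev/null
  openssl req -config ca.cnf -new -nodes -newkey rsa:2048 \
    -subj "/CN=Test Intermediate CA" -keyout intkey.pem -out intreq.pem 2>/dev/null
  openssl x509 -req -in intreq.pem -CA root.pem -CAkey rootkey.pem -days 3600 \
    -extfile ca.cnf -extensions v3_ca -CAcreateserial -out intca.pem 2>/dev/null
  # a4-a11: end-entity certs from the intermediate: server, one to revoke, OCSP signer.
  for pair in server:usr_cert rev:usr_cert resp:ocsp_cert; do
    n=${pair%%:*}; ext=${pair##*:}
    openssl req -config ca.cnf -new -nodes -newkey rsa:2048 \
      -subj "/CN=Test $n" -keyout "${n}key.pem" -out "${n}req.pem" 2>/dev/null
    openssl x509 -req -in "${n}req.pem" -CA intca.pem -CAkey intkey.pem -days 3600 \
      -extfile ca.cnf -extensions "$ext" -CAcreateserial -out "$n.pem" 2>/dev/null
  done
  # a21-a24: empty index, CRL number 01, register the issued certs as valid.
  : > index.txt; echo 01 > crlnum.txt
  for n in server rev; do
    openssl ca -config ca.cnf -valid "$n.pem" -keyfile intkey.pem -cert intca.pem 2>/dev/null
  done
  # a26/a27: revoke, then issue the CRL from the intermediate (the issuer a
  # verifier looks for; a root-signed CRL would not cover these certs).
  openssl ca -config ca.cnf -revoke rev.pem -crl_reason superseded \
    -keyfile intkey.pem -cert intca.pem 2>/dev/null
  openssl ca -config ca.cnf -gencrl -crldays 1 -keyfile intkey.pem -cert intca.pem \
    -out crl.pem 2>/dev/null
  # Check 1: chain validation alone passes for both; with the CRL, rev is rejected.
  openssl verify -CAfile root.pem -untrusted intca.pem server.pem rev.pem >/dev/null
  openssl verify -crl_check -CRLfile crl.pem -CAfile root.pem -untrusted intca.pem \
    server.pem >/dev/null
  crl_out=$(openssl verify -crl_check -CRLfile crl.pem -CAfile root.pem \
    -untrusted intca.pem rev.pem 2>&1 || true)
  has "$crl_out" "certificate revoked" || { echo "CRL check failed: $crl_out" >&2; exit 1; }
  # Check 2 (ocsprun + ocspquery without a socket): write a request, answer it
  # from index.txt with the responder cert, verify the answer against the root.
  # -rother ships the intermediate inside the response so the client can chain
  # the responder cert to root.pem; -no_nonce keeps the two client runs in step.
  openssl ocsp -issuer intca.pem -cert server.pem -cert rev.pem -no_nonce -reqout req.der
  openssl ocsp -index index.txt -CA intca.pem -rsigner resp.pem -rkey respkey.pem \
    -rother intca.pem -reqin req.der -respout resp.der 2>/dev/null
  ocsp_out=$(openssl ocsp -respin resp.der -issuer intca.pem -cert server.pem \
    -cert rev.pem -no_nonce -CAfile root.pem 2>&1 || true)
  has "$ocsp_out" "Response verify OK" && has "$ocsp_out" "server.pem: good" \
    && has "$ocsp_out" "rev.pem: revoked" \
    || { echo "OCSP check failed: $ocsp_out" >&2; exit 1; }
  echo "crl:revoked ocsp-server:good ocsp-rev:revoked"
)

demo_pki
```

Run it with sh. It prints the work directory on stderr and leaves it for inspection (index.txt, crl.pem, req.der and resp.der are all there to open with `openssl crl -text`, `openssl ocsp -reqin req.der -req_text` and `openssl ocsp -respin resp.der -resp_text`), and it exits nonzero on the first check that does not come out as expected: server good and rev revoked, both by CRL and by OCSP.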
tree /A /F
D:.
    a10_OCSP_responder_certificate_request_first.cmd
    a11_Sign_using_intermediate_CA_and_responder_extensions.cmd
    a12_First_DH_parameters.cmd
    a13_Now_a_DH_private_key.cmd
    a14_Create_DH_public_key_file.cmd
    a15_dh_cert_req.cmd
    a16_Sign_dh_req.cmd
    a17_gen_dh_client_priv_key.cmd
    a18_gen_dh_client_pub_key.cmd
    a19_dh_clint_cert_req.cmd
    a1_create_certificate_directly.cmd
    a20_dh_client_cert_sign.cmd
    a21_gen_crl_without_ca.cmd
    a22_add_cert_sha1_server.cmd
    a23_add_cert_sha1_client.cmd
    a24_add_cert_sha1_revoke.cmd
    a25_gen_crl.cmd
    a26_revoke_cert.cmd
    a27_gen_crl_new_one.cmd
    a2_Intermediate_CA_request_first.cmd
    a3_Sign_request_CA_extensions.cmd
    a4_Server_certificate_create_request_first.cmd
    a5_Sign_request_end_entity_extensions.cmd
    a6_Client_certificate_request_first.cmd
    a7_Sign_using_intermediate_CA.cmd
    a8_Revoked_certificate_request_first.cmd
    a9_Sign_using_intermediate_CA.cmd
    ca.cnf
    libcrypto-3-x64.dll
    libssl-3-x64.dll
    mkcerts.sh
    ocspquery.sh
    ocsprun.cmd
    ocsprun.sh
    openssl.cnf
    openssl.exe
    query1.cmd
    query2.cmd
    query3.cmd
    query_all.cmd
    README.txt
    run_ax_bat.cmd