...
```
pkcs11-tool --module /usr/lib/librtpkcs11ecp.so -r -y cert --id {id} > название_вашего_сертификата.crt
```
Replace {id} with the ID that you see in the output of the command
...
```
OpenSSL> req -engine pkcs11 -new -key 0:45 -keyform engine -x509 -out название_вашего_сертификата.crt -outform DER
engine "pkcs11" set.
Enter PKCS#11 token PIN for Rutoken ECP <no label>:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:RU
State or Province Name (full name) [Some-State]:Moscow
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Rusbitech
Organizational Unit Name (eg, section) []: Astra
Common Name (e.g. server FQDN or YOUR name) []:Makhmadiev Shuhrat
Email Address []:shuhrat@astralinux.ru
OpenSSL> exit
```
...
After creating your personal certificate, load it onto the Rutoken:

Loading the certificate onto the token
```
$ pkcs11-tool --module /usr/lib/librtpkcs11ecp.so -l -y cert -w название_вашего_сертификата.crt --id 45
```
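PKCS#11 applications pair a certificate with its private key by object ID, so the `--id 45` used when writing the certificate has to match the key referenced by `-key 0:45`. The script below is an added example, not part of the original page: it parses an object listing in the layout that `pkcs11-tool -O` prints (an assumed layout; the embedded sample is constructed) and reports which IDs hold both a private key and a certificate.

```shell
# Added example, not from the original page. The listing layout is an
# assumption modelled on what "pkcs11-tool -O" prints; SAMPLE is constructed.

# paired_ids: read an object listing on stdin, print each ID that carries
# both a private key object and a certificate object.
paired_ids() {
    awk '
        /^Private Key Object/ { kind = "key";  next }
        /^Certificate Object/ { kind = "cert"; next }
        /^[A-Za-z].* Object/  { kind = "";     next }  # other object types
        $1 == "ID:" && kind != "" { seen[kind, $2] = 1; ids[$2] = 1 }
        END { for (id in ids) if (seen["key", id] && seen["cert", id]) print id }
    ' | sort
}

# cert_bound_to_key ID: succeed only if ID is in the paired list (stdin: listing).
cert_bound_to_key() {
    paired_ids | grep -qxF -- "$1"
}

SAMPLE='Private Key Object; RSA
  label:
  ID:         45
  Usage:      decrypt, sign
Public Key Object; RSA 2048 bits
  ID:         45
Certificate Object; type = X.509 cert
  subject:    DN: C=RU, ST=Moscow, O=Rusbitech, OU=Astra
  ID:         45
Private Key Object; RSA
  ID:         46'

# "--token" reads the real token (prompts for the PIN); default is SAMPLE.
if [ "${1:-}" = "--token" ]; then
    listing=$(pkcs11-tool --module /usr/lib/librtpkcs11ecp.so -l -O)
else
    listing=$SAMPLE
fi
for id in 45 46; do
    if printf '%s\n' "$listing" | cert_bound_to_key "$id"; then
        echo "ID $id: certificate and private key are paired"
    else
        echo "ID $id: private key or certificate missing under this ID"
    fi
done
```

Run without arguments it checks the constructed sample; with `--token` it logs in to the token and checks the real object list.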