Добрый вечер, продолжаю
Удаляю старый контейнер
sudo -u nginx-gost /opt/cprocsp/bin/amd64/csptest -keyset -deletekeyset -cont '\\.\HDIMAGE\asvg000'
Делаю новый контейнер
sudo -u nginx-gost /opt/cprocsp/bin/amd64/csptest -keyset -newkeyset -cont '\\.\HDIMAGE\tls'
Проверяю
sudo -u nginx-gost /opt/cprocsp/bin/amd64/csptest -keys -enum -verifyc -fqcn -un
Получаю
CSP (Type:80) v5.0.10010 KC1 Release Ver:5.0.12500 OS:Linux CPU:AMD64 FastCode:READY:AVX. DISABLED:RSA;
AcquireContext: OK. HCRYPTPROV: 28481779
\\.\HDIMAGE\asvtls |\\.\HDIMAGE\HDIMAGE\\tls.000\3B0D
OK.
Проверяю
sudo -u nginx-gost /opt/cprocsp/bin/amd64/csptestf -keyset -container '\\.\HDIMAGE\HDIMAGE\\tls.000\3B0D' -check
Получаю
CSP (Type:80) v5.0.10010 KC1 Release Ver:5.0.12500 OS:Linux CPU:AMD64 FastCode:READY:AVX. DISABLED:RSA;
AcquireContext: OK. HCRYPTPROV: 16271603
GetProvParam(PP_NAME): Crypto-Pro GOST R 34.10-2012 KC1 CSP
Container name: "tls"
Check header passed.
Signature key is available. HCRYPTKEY: 0x1080a73
Exchange key is available. HCRYPTKEY: 0x1080e93
Symmetric key is not available.
UEC key is not available.
Check container passed.
Check sign passed.
Check verify signature on private key passed.
Check verify signature on public key passed.
Check import passed (import restricted).
Check sign passed.
Check verify signature on private key passed.
Check verify signature on public key passed.
Check import passed.
Keys in container:
signature key
exchange key
Extensions:
OID: 1.2.643.2.2.37.3.9
PrivKey: Not specified - 26.01.2024 20:42:28 (UTC)
OID: 1.2.643.2.2.37.3.10
PrivKey: Not specified - 26.01.2024 20:42:40 (UTC)
Total: SYS: 0.010 sec USR: 0.020 sec UTC: 0.030 sec
[ErrorCode: 0x00000000]
Смущают OID так как у проверки сервера должны быть 1.3.6.1.5.5.8.2.2 1.3.6.1.5.5.7.3.2 Проверка подлинности клиента 1.3.6.1.5.5.7.3.1 Проверка подлинности сервера
И как обычно, связываем сертификат и закрытый ключ:
sudo -u nginx-gost /opt/cprocsp/bin/amd64/certmgr -inst -store umy -file domain.cer -cont '\\.\HDIMAGE\HDIMAGE\\tls.000\3B0D'
Получаю
Failed to install certificate
Public keys in certificate and container are not identical
The requested certificate does not exist.
Отредактировано пользователем 27 октября 2022 г. 1:16:05(UTC)
| Причина: Не указана