Builds two-tier PKI CA hierarchy (root + intermediate) using OpenSSL and Python cryptography library, with CRL, OCSP, and certificate policies. For secure certificate management.
npx claudepluginhub killvxk/cybersecurity-skills-zh

This skill uses the workspace's default tool permissions.
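A certificate authority (CA) is the trust anchor in a public key infrastructure (PKI) hierarchy, responsible for issuing, signing, and revoking digital certificates. This skill covers building a two-tier CA hierarchy (root CA + intermediate CA) with OpenSSL and the Python cryptography library, including certificate revocation list (CRL) distribution, OCSP responder configuration, and certificate policy management.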

```
Root CA (offline, air-gapped)
    |
    +-- Intermediate CA (online, operational)
            |
            +-- Server certificates
            +-- Client certificates
            +-- Code-signing certificates
```

| Extension | Purpose | Critical |
|---|---|---|
| basicConstraints | CA:TRUE/FALSE, path length constraint | Yes |
| keyUsage | keyCertSign, cRLSign, digitalSignature | Yes |
| extendedKeyUsage | serverAuth, clientAuth, codeSigning | No |
| subjectKeyIdentifier | Hash of the public key | No |
| authorityKeyIdentifier | Issuer key identifier | No |
| crlDistributionPoints | URL of the CRL | No |
| authorityInfoAccess | OCSP responder URL | No |
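
The two CA tiers from the diagram, built with the Python cryptography library and the extension criticality from the table above. This is an added example, not code from the skill itself; the subject names, URLs, validity periods, path lengths (root 1, intermediate 0) and the choice of EC P-256 keys are assumptions made for illustration.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import AuthorityInformationAccessOID, NameOID

# Constructed placeholder URLs and names (assumptions, not from the page).
CRL_URL = "http://pki.example.test/root.crl"
OCSP_URL = "http://ocsp.example.test"

def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_ca_cert(subject_cn, subject_key, issuer_cn, issuer_key, path_len, days, revocation_urls=False):
    now = datetime.datetime.now(datetime.timezone.utc)
    pub = subject_key.public_key()
    key_usage = x509.KeyUsage(  # CA keys sign certificates and CRLs only
        digital_signature=False, content_commitment=False, key_encipherment=False,
        data_encipherment=False, key_agreement=False, key_cert_sign=True,
        crl_sign=True, encipher_only=False, decipher_only=False)
    builder = (x509.CertificateBuilder()
        .subject_name(_name(subject_cn)).issuer_name(_name(issuer_cn))
        .public_key(pub).serial_number(x509.random_serial_number())
        .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=days))
        .add_extension(x509.BasicConstraints(ca=True, path_length=path_len), critical=True)
        .add_extension(key_usage, critical=True)
        .add_extension(x509.SubjectKeyIdentifier.from_public_key(pub), critical=False)
        .add_extension(x509.AuthorityKeyIdentifier.from_issuer_public_key(
            issuer_key.public_key()), critical=False))
    if revocation_urls:  # where relying parties fetch the issuer's CRL / OCSP status
        uri = x509.UniformResourceIdentifier
        builder = builder.add_extension(x509.CRLDistributionPoints([x509.DistributionPoint(
            full_name=[uri(CRL_URL)], relative_name=None, reasons=None, crl_issuer=None)]),
            critical=False).add_extension(x509.AuthorityInformationAccess([x509.AccessDescription(
            AuthorityInformationAccessOID.OCSP, uri(OCSP_URL))]), critical=False)
    return builder.sign(issuer_key, hashes.SHA256())

def build_hierarchy():  # self-signed root (pathlen 1) signs the intermediate (pathlen 0)
    root_key = ec.generate_private_key(ec.SECP256R1())
    inter_key = ec.generate_private_key(ec.SECP256R1())
    root = make_ca_cert("Example Root CA", root_key, "Example Root CA", root_key, 1, 3650)
    inter = make_ca_cert("Example Intermediate CA", inter_key, "Example Root CA",
                         root_key, 0, 1825, revocation_urls=True)
    return root, inter

def signed_by(child, parent):
    # Raises InvalidSignature if parent's key did not sign child.
    parent.public_key().verify(child.signature, child.tbs_certificate_bytes, ec.ECDSA(child.signature_hash_algorithm))
    return True
```

With `path_length=0` the intermediate can issue end-entity certificates but no further subordinate CAs, and its authorityKeyIdentifier equals the root's subjectKeyIdentifier, which is how chain builders link the two.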