在 openssl 3.0.7 中,我可以在 openssl-ca 手册页中看到这一点:
-extensions section
The section of the configuration file containing certificate extensions to be added when a certificate is issued (defaults to x509_extensions unless the
-extfile option is used). If no X.509 extensions are specified then a V1 certificate is created, else a V3 certificate is created. See the
x509v3_config(5) manual page for details of the extension section format.
但是在 openssl 3.2.2 中,它没有提及 V1:
-extensions section
The section of the configuration file containing certificate extensions to be added when a certificate is issued (defaults to x509_extensions unless the
-extfile option is used).
See the x509v3_config(5) manual page for details of the extension section format.
是否不再可能生成使用 V1 的证书?
快速回答:不,你不能。在 openssl 3.2.0 的发行说明中,明确指出 V1 将不再使用:
https://openssl-library.org/news/openssl-3.2-notes/