gmssl certgen reqgen: illegal option '-days'

[yanxianhe]

快速上手

参考 http://gmssl.org/docs/quickstart.html 执行

• gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem
• 提示 reqgen: illegal option '-days'

ssy@ssy:/opt/gmssl_certs$ gmssl version
GmSSL 3.1.1
ssy@ssy:/opt/gmssl_certs$ gmssl sm2keygen -pass 1234 -out rootcakey.pem
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEGZ4XdwULv01gLKa35Nu9Nqyrjkki
9h/zI93kA8gLIIDYe1UkDBARqVVg1CnWkBLeu/5IvbTZGMt0C3QJWTEnow==
-----END PUBLIC KEY-----
ssy@ssy:/opt/gmssl_certs$ gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
ssy@ssy:/opt/gmssl_certs$ ls -lha
总计 16K
drwxrwxr-x  2 ssy ssy 4.0K  7月 10 17:56 .
drwxr-xr-x 43 ssy ssy 4.0K  7月 10 13:26 ..
-rw-rw-r--  1 ssy ssy  676  7月 10 17:56 rootcacert.pem
-rw-rw-r--  1 ssy ssy  436  7月 10 17:56 rootcakey.pem
ssy@ssy:/opt/gmssl_certs$ gmssl sm2keygen -pass 1234 -out cakey.pem
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEaL1agL9OJntYulE0Ijo8PqXLlFZX
GNAiPoKwPxVVfuxzqHQHaTG1iXWYH7AWeOMnGDFbdMK7egTuBHLo0QQiCA==
-----END PUBLIC KEY-----
ssy@ssy:/opt/gmssl_certs$ gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem
reqgen: illegal option '-days'
ssy@ssy:/opt/gmssl_certs$ 

[yanjingtu]

我今天也是在搞这块，遇到相同问题，我试了一下去掉了-days XXX这个参数，然后就好了。不过最终的密钥对在golang用gmsm库加载一直在报错tls: failed to parse private key，目前搜着应该是golang不支持加载带密码的密钥对，具体应该怎么去掉密码或者生成不带密码的密钥对