Linux系统一般默认自带openssl,如果没有则需要安装 CentOS yum install openssl Debian/Ubuntu sudo apt-get install openssl
Windows用户需要下载openssl软件
生成CSR命令
openssl ecparam -out server.key -name prime256v1 -genkey
openssl req -new -key server.key -out server.csr 运行上面的命令需要填写申请者信息
Country Name (2 letter code) [AU]:CN #国家 2个字母的缩写(CN 中国 AU 澳洲) State or Province Name (full name) [Some-State]:Zhejiang #省份 Locality Name (eg, city) []:Jiaxing #城市 Organization Name (eg, company) [Internet Widgits Pty Ltd]:SSLE #公司名称 Organizational Unit Name (eg, section) []:IT Dept. #部门 Common Name (e.g. server FQDN or YOUR name) []:www.yourdomain.com #申请SSL的域名 Email Address []:demo@ssle.cn #Email地址 填写任意可用的邮箱
申请完成后会在当前目录生成2个文件 server.csr[CSR文件]和 server.key[私钥] ,请务必保存好这2个文件,否则证书无法安装。
以下是完整的生成过程
[root@iZ289qba919Z csr]# openssl ecparam -out server.key -name prime256v1 -genkey [root@iZ289qba919Z csr]# openssl req -new -key server.key -out server.csr Generating a 2048 bit RSA private key ..................+++ ...............+++ writing new private key to 'server.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:CN State or Province Name (full name) [Some-State]:Zhejiang Locality Name (eg, city) []:Jiaxing Organization Name (eg, company) [Internet Widgits Pty Ltd]:SSLE Organizational Unit Name (eg, section) []:IT Dept. Common Name (e.g. server FQDN or YOUR name) []:www.yourdomain.com Email Address []:demo@ssle.cn Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: [root@iZ289qba919Z csr]# ls server.csr server.key
Was this helpful?
1 / 0