OpenSSL生成CSR

Linux系统一般默认自带openssl，如果没有则需要安装 CentOS yum install openssl Debian/Ubuntu sudo apt-get install openssl

Windows用户需要下载openssl软件，可以使用我们在线生成工具 https://www.ssle.cn/ssltools.php

生成CSR命令

openssl req -new -sha256 -newkey rsa:2048 -nodes -keyout server.key -out server.csr

运行上面的命令需要填写申请者信息

Country Name (2 letter code) [AU]:CN   #国家 2个字母的缩写（CN 中国 AU 澳洲）
State or Province Name (full name) [Some-State]:Shanghai #省份
Locality Name (eg, city) []:Shanghai     #城市
Organization Name (eg, company) [Internet Widgits Pty Ltd]:SSLE   #公司名称
Organizational Unit Name (eg, section) []:IT Dept.   #部门
Common Name (e.g. server FQDN or YOUR name) []:www.yourdomain.com   #申请SSL的域名
Email Address []:demo@ssle.cn   #Email地址填写任意可用的邮箱

申请完成后会在当前目录生成2个文件 server.csr[CSR文件]和 server.key[私钥] ,请务必保存好这2个文件，否则证书无法安装。

以下是完整的生成过程

[root@iZ289qba919Z csr]# openssl req -new -sha256 -newkey rsa:2048 -nodes -keyout server.key -out server.csr
Generating a 2048 bit RSA private key
..................+++
...............+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Shanghai        
Locality Name (eg, city) []:Shanghai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:SSLE
Organizational Unit Name (eg, section) []:IT Dept.
Common Name (e.g. server FQDN or YOUR name) []:www.yourdomain.com
Email Address []:demo@ssle.cn    
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@iZ289qba919Z csr]# ls
server.csr  server.key

Was this helpful?

0 / 0

相关文章