使用openssl生成ssl(https)证书

发布时间:2020-07-23 08:51:56 作者:ouyida3
来源:网络 阅读:460

openssl生成证书

[nginx@machina key]$ pwd
/app/nginx/key

  1. 生成私钥
    openssl genrsa -out server.key 2048
  2. 生成证书请求
    openssl req -new -key server.key -out server.csr
  3. 填入信息
    
    [nginx@machina key]$ openssl req -new -key server.key -out server.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:cn
    State or Province Name (full name) []:gd
    Locality Name (eg, city) [Default City]:gz
    Organization Name (eg, company) [Default Company Ltd]:ai
    Organizational Unit Name (eg, section) []:ai
    Common Name (eg, your name or your server's hostname) []:112.96.28.206
    Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[nginx@machina key]$
[nginx@machina key]$ ls
old server.csr server.key

4. 备份一份服务器密钥文件
cp server.key server.key.org
5. 去除文件口令
openssl rsa -in server.key.org -out server.key
6. 生成证书文件server.crt
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

[nginx@machina key]$ openssl rsa -in server.key.org -out server.key
writing RSA key
[nginx@machina key]$
[nginx@machina key]$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=cn/ST=gd/L=gz/O=ai/OU=ai/CN=112.96.28.206
Getting Private key



一般只需三步:
1. openssl genrsa -out server.key 2048
2. openssl req -new -key server.key -out server.csr
3. openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

关于密码:
openssl genrsa -out server.key 2048
    不需要密码。
openssl genrsa -des3 -out server.key 2048
    需要密码。
https://www.jianshu.com/p/9523d888cf77

关于域名:
用openssl,域名可以不输;
用keystore,必须输入。
推荐阅读:
  1. nginx配置https自签名(openssl生成)证书
  2. openssl https证书

免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。

https 生成 ssl

上一篇:union和union all的区别

下一篇:小米手机一键修改机器码参数

相关阅读

您好,登录后才能下订单哦!

密码登录
登录注册
其他方式登录
点击 登录注册 即表示同意《亿速云用户服务条款》