欢迎访问 生活随笔!
TAG聚合

生活随笔

当前位置: 首页 > 编程资源 > 编程问答 >内容正文

编程问答

使用openssl生成ssl(https)证书

发布时间:2025/3/20 编程问答 41 豆豆
生活随笔 收集整理的这篇文章主要介绍了 使用openssl生成ssl(https)证书 小编觉得挺不错的,现在分享给大家,帮大家做个参考.

openssl生成证书

[nginx@machina key]$ pwd
/app/nginx/key

  • 生成私钥
    openssl genrsa -out server.key 2048
  • 生成证书请求
    openssl req -new -key server.key -out server.csr
  • 填入信息 [nginx@machina key]$ openssl req -new -key server.key -out server.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:cn State or Province Name (full name) []:gd Locality Name (eg, city) [Default City]:gz Organization Name (eg, company) [Default Company Ltd]:ai Organizational Unit Name (eg, section) []:ai Common Name (eg, your name or your server's hostname) []:112.96.28.206 Email Address []:

    • Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    [nginx@machina key]$
    [nginx@machina key]$ ls
    old server.csr server.key

    4. 备份一份服务器密钥文件 cp server.key server.key.org 5. 去除文件口令 openssl rsa -in server.key.org -out server.key 6. 生成证书文件server.crt openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

    [nginx@machina key]$ openssl rsa -in server.key.org -out server.key
    writing RSA key
    [nginx@machina key]$
    [nginx@machina key]$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
    Signature ok
    subject=/C=cn/ST=gd/L=gz/O=ai/OU=ai/CN=112.96.28.206
    Getting Private key

    一般只需三步: 1. openssl genrsa -out server.key 2048 2. openssl req -new -key server.key -out server.csr 3. openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt关于密码: openssl genrsa -out server.key 2048不需要密码。 openssl genrsa -des3 -out server.key 2048需要密码。 https://www.jianshu.com/p/9523d888cf77关于域名: 用openssl,域名可以不输; 用keystore,必须输入。

    转载于:https://blog.51cto.com/170023/2154883

    总结

    以上是生活随笔为你收集整理的使用openssl生成ssl(https)证书的全部内容,希望文章能够帮你解决所遇到的问题。

    如果觉得生活随笔网站内容还不错,欢迎将生活随笔推荐给好友。