sh 在OSX上使用通配符和备用名称创建SSL证书签名请求

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了sh 在OSX上使用通配符和备用名称创建SSL证书签名请求相关的知识,希望对你有一定的参考价值。

# First, generate the key. You will be prompted to enter a password, but we will strip it out in the next step:
openssl genrsa -des3 -out server.orig.key 2048
 
 
# Then, stip out the password:
openssl rsa -in server.orig.key -out server.key
 
 
# Edit the OSX openssl config file to include your alternate names.
# Edit the 'subjectAltName' field. E.g.:
#
# subjectAltName = "DNS:mydomain.com, DNS:*.beta.mydomain.com"
#
# You should use the wildcard for your primary (Common name) in the next step
# and set at least the root domain as a subjectAltName. This example will
# create a valid certificate for mydomain.com, *.mydomain.com and *.beta.mydomain.com
# If you do not set the root domain (mydomain.com) in this example as an alt name
# visitors will get a security warning when visiting https://mydomain.com, though not
# when visiting https://www.mydomain.com
 
sudo nano /System/Library/OpenSSL/openssl.cnf
 
 
# Generate the CSR:
 
openssl req -new -key server.key -out server.csr
 
# This step will require you to enter some information that will appear on the certificate.
# Only the first 4 fields plus the 'Common Name' (your main domain name) is required.
# For a wildcard subdomain, enter *.mydomain.com for the 'Common Name'. Here's an example:
#
#
# Country Name (2 letter code) [AU]:CA
# State or Province Name (full name) [Some-State]:Ontario
# Locality Name (eg, city) []:Toronto
# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Company, Inc.
# Organizational Unit Name (eg, section) []:
# Common Name (eg, YOUR name) []:*.mydomain.com
# Email Address []:
 
 
 
# Finally, Check to see if it's as expected:
 
openssl req -text -noout -in server.csr


# Once you receive your certificate, you will probably have two or three .crt files.
# You'll probably have to concatenate them together into a single .crt (At least for Heroku or nGinx).
# E.g.: 

cat STAR_mydomain_com.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt > bundle.crt

以上是关于sh 在OSX上使用通配符和备用名称创建SSL证书签名请求的主要内容,如果未能解决你的问题,请参考以下文章

无法使用主题备用名称证书为 SSL/TLS 安全通道建立信任关系

安装通配符可以在 laravel 帆上加密 ssl 证书

免费通配符SSL证书

如何使用 Apache mod_ssl 变量验证 URI 格式的主题备用名称的内容?

在 Azure VM 上安装通配符 SSL 证书

OpenSSL自签名SSL证书相关脚本