使用openssl生成ssl(https)证书
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了使用openssl生成ssl(https)证书相关的知识,希望对你有一定的参考价值。
openssl生成证书
[[email protected] key]$ pwd
/app/nginx/key
- 生成私钥
openssl genrsa -out server.key 2048 - 生成证书请求
openssl req -new -key server.key -out server.csr - 填入信息
[[email protected] key]$ openssl req -new -key server.key -out server.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ‘.‘, the field will be left blank. ----- Country Name (2 letter code) [XX]:cn State or Province Name (full name) []:gd Locality Name (eg, city) [Default City]:gz Organization Name (eg, company) [Default Company Ltd]:ai Organizational Unit Name (eg, section) []:ai Common Name (eg, your name or your server‘s hostname) []:112.96.28.206 Email Address []:
Please enter the following ‘extra‘ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[[email protected] key]$
[[email protected] key]$ ls
old server.csr server.key
4. 备份一份服务器密钥文件
cp server.key server.key.org
5. 去除文件口令
openssl rsa -in server.key.org -out server.key
6. 生成证书文件server.crt
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
[[email protected] key]$ openssl rsa -in server.key.org -out server.key
writing RSA key
[[email protected] key]$
[[email protected] key]$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=cn/ST=gd/L=gz/O=ai/OU=ai/CN=112.96.28.206
Getting Private key
一般只需三步:
1. openssl genrsa -out server.key 2048
2. openssl req -new -key server.key -out server.csr
3. openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
关于密码:
openssl genrsa -out server.key 2048
不需要密码。
openssl genrsa -des3 -out server.key 2048
需要密码。
https://www.jianshu.com/p/9523d888cf77
关于域名:
用openssl,域名可以不输;
用keystore,必须输入。以上是关于使用openssl生成ssl(https)证书的主要内容,如果未能解决你的问题,请参考以下文章