openssl有很多子命令和设定选项,但常用的翻来覆去就是那几条,这篇文章继续介绍在各种证书生成教程中出现的req子命令的-newkey选项。
-new选项一般需要结合genrsa子命令创建私钥之后创建CSR文件,而-newkey则可使用一行命令同时完成私钥和CSR文件的创建。
设定选项 设定选项说明 openssl req 创建证书签名请求等功能 -nodes 对私钥不进行加密 -newkey 创建CSR证书签名文件和RSA私钥文件 rsa:2048 指定创建的RSA私钥长度为2048 -keyout 创建的私钥文件名称 -out 指定CSR输出文件名 -subj 指定证书Subject内容Subject设定内容说明
字段 含义 设定值例 /C= Country CN /ST= State LiaoNing /L= Location DaLian /O= Organization devops /OU= Organizational unicorn /CN= Common Name devops.com 生成私钥和CSR文件liumiaocn:csr liumiao$ openssl req -newkey rsa:2048 -keyout ca.key -nodes -out request.csr -subj "/C=CN/ST=LiaoNing/L=DaLian/O=devops/OU=unicorn/CN=devops.com" Generating a 2048 bit RSA private key .............................................+++ .....+++ writing new private key to 'ca.key' ----- liumiaocn:csr liumiao$ ls ca.key request.csr liumiaocn:csr liumiao$
可以看到同时生成了私钥和CSR文件
结果确认base64编码后的私钥和CSR文件显示如下所示
liumiaocn:csr liumiao$ cat ca.key -----BEGIN PRIVATE KEY----- MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC/uSP/0+qO0Pw8 9h7wSffMmrp+v9oehUJe4XoDk9h0lUFbEMD/pGiE6OzGAUkAVLxO/n7kEHC2LgNa DxoubufjPsQoogw0HUSvDjiGfZQTri2wzMl6LNxPSD1qP2L2SYoqu6Gu5NV/Pv2w AAcxQArYvJ9sw/N61HJjRRnJoVt/nY/nMt4Kr/x8QHvSpgMSmEajBBOqpECKLONI bY32wFOcZzVwFnvN/ZKYQ3al4m1dpvfLb9E/AxvJopfRjSinBJj8FmQvNR9TbU2c x6h88GqExbOq1w08t+iGSCKOFVC8fbgdgD2zUFKNOe19odCQgMgASsT/wZJYJAuv 08SHYIqfAgMBAAECggEAZNAYkuQ+2Vwg1nlgqV9rsqXF3PJK4nOWA8gyXYE3d44o MJdttL8hyomkPzXbyhXEcxE1bf0LF3C4iHmafcIJox+VC/yxyBF/1UD4DhgobfTP x8DXTKwcKIBG8wBjrDfdND03dnyTmvZndU1+erI/QdplRk7/T544i+SA+9oh/8bR 0zIFIyWxMm7Xkr2pJioUndWxtCI/sN2eEB1XYtoR5jTJiTzIc7bC2krS6PM7j5/t 6epT+M4hQFc9J7KKnuKzFh3TMyDKMx/ARdX/zq1ZPKqBsyAYFrH9jGncyvrINhrP fHb2GuTbxPCFGkvnc4a/a1GKXJz0aLhYXZT8xUnu4QKBgQD/bVbDrZM4uFvzdELF 8mSudKlENG6pbgtJ2AO/L2G13oMUguJZw2UCEFLeHdQTQQDI7SY2z7yIDmXSEFEQ aEEi7nDMUTQ/1RjlaoooWuixj8Di42CaplznTGhgwliJcbirVzoIEI0FDzV6bSm+ 1Y5CEWval9WKzqpZVIQ2Js1bUQKBgQDAJzllu+OJ+fz1So0jK9cwzdipyOQXaO8k 7fhQ4iWJNtjrr1uB4AzfDyyPBkDoaNOinaf4gM5/1XjMzhxk5gw5sGzGuks1n1A+ dwch8m7zwUt1q0W4pDO0iWcL9wzBGtUN6Le+zr2yUN8ASt+RTq4grflbUiODnux/ vt4O3J0q7wKBgQDrt7uaWVTDw18YDPKSOl8vn/mVN83oDeXc/7x1cwR5Eh9ljmPU 8r0EaowO7vgHzLUst63MZ2lVJfRRJz2oJo317pWp+EZ/oeiXzvoww7R6KG+Y8rzz +xNBYQHySWfrb0c82AJ17tA1GxP/Jz6fHfVqgylFUVl//7i1N4nLb4OUAQKBgHpL vKU6OyyC1fOMOl3LNk+Sg7Yz7K/VkncPmj5oYHl/VfpTBkuXvLlvH+37je4dYa0a 6GAqIsOLqzG2cK3rGJbS6bhlsx5ywhCvkvORJ/qt6IgAtQQ6Rco+tT4RQ6XXnQgY OHIRhPxrqjK2dKo3yG12LMFper73tA/t+8i7srAzAoGBANuMoNGHoSQL2uKqgSqS D+S9S2JFvUIcdLsipdCoLe7q10ssBsVDaPqBbYGGRhKxnzR69SOaGDIhzW+oZNHR EEs0kbMl++POK3j9Ihj8ZR/jskAemb06aUIuDdGgDBl/LkTzHcEelY5sHmDhw46o vuaqZjrA7xkC7ib/EK4gZ493 -----END PRIVATE KEY----- liumiaocn:csr liumiao$ cat request.csr -----BEGIN CERTIFICATE REQUEST----- MIICrjCCAZYCAQAwaTELMAkGA1UEBhMCQ04xETAPBgNVBAgMCExpYW9OaW5nMQ8w DQYDVQQHDAZEYUxpYW4xDzANBgNVBAoMBmRldm9wczEQMA4GA1UECwwHdW5pY29y bjETMBEGA1UEAwwKZGV2b3BzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAL+5I//T6o7Q/Dz2HvBJ98yaun6/2h6FQl7hegOT2HSVQVsQwP+kaITo 7MYBSQBUvE7+fuQQcLYuA1oPGi5u5+M+xCiiDDQdRK8OOIZ9lBOuLbDMyXos3E9I PWo/YvZJiiq7oa7k1X8+/bAABzFACti8n2zD83rUcmNFGcmhW3+dj+cy3gqv/HxA e9KmAxKYRqMEE6qkQIos40htjfbAU5xnNXAWe839kphDdqXibV2m98tv0T8DG8mi l9GNKKcEmPwWZC81H1NtTZzHqHzwaoTFs6rXDTy36IZIIo4VULx9uB2APbNQUo05 7X2h0JCAyABKxP/BklgkC6/TxIdgip8CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IB AQBHNTMmjnnY4JADjdt1vVaOh2k2bzAozgCyQZ3DLliP4LZ+4AoTkPJhH2tZk2na 9dPNF6YrBov+eZyK58InSXork1ad9tinmLE/mJVWyrAplXrG6cvnaT6hyDRyHBeZ gnECr75mSLAZ6VBUeAPQXtWEexYFYZR87Ck8vtUsU7BEcTg8dG7iW7R4CiLxja6P 2+s5rrvIDRxlh4nzOCAg1ac0XC9DVifEDJPe+oTYPFvfgf7qu9U0xYcPSbzVHf5+ b6Tz83OWf5s0zZcBgcT+o7aqlut21vZF7GqI5Jkpp5viY1eqVOUlneDxSm4G4wGa gZhIuihc0SMW2+oMe65lxNEn -----END CERTIFICATE REQUEST----- liumiaocn:csr liumiao$
确认CSR内容
liumiaocn:csr liumiao$ openssl req -text -noout -verify -in request.csr
verify OK
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=CN, ST=LiaoNing, L=DaLian, O=devops, OU=unicorn, CN=devops.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bf:b9:23:ff:d3:ea:8e:d0:fc:3c:f6:1e:f0:49:
f7:cc:9a:ba:7e:bf:da:1e:85:42:5e:e1:7a:03:93:
d8:74:95:41:5b:10:c0:ff:a4:68:84:e8:ec:c6:01:
49:00:54:bc:4e:fe:7e:e4:10:70:b6:2e:03:5a:0f:
1a:2e:6e:e7:e3:3e:c4:28:a2:0c:34:1d:44:af:0e:
38:86:7d:94:13:ae:2d:b0:cc:c9:7a:2c:dc:4f:48:
3d:6a:3f:62:f6:49:8a:2a:bb:a1:ae:e4:d5:7f:3e:
fd:b0:00:07:31:40:0a:d8:bc:9f:6c:c3:f3:7a:d4:
72:63:45:19:c9:a1:5b:7f:9d:8f:e7:32:de:0a:af:
fc:7c:40:7b:d2:a6:03:12:98:46:a3:04:13:aa:a4:
40:8a:2c:e3:48:6d:8d:f6:c0:53:9c:67:35:70:16:
7b:cd:fd:92:98:43:76:a5:e2:6d:5d:a6:f7:cb:6f:
d1:3f:03:1b:c9:a2:97:d1:8d:28:a7:04:98:fc:16:
64:2f:35:1f:53:6d:4d:9c:c7:a8:7c:f0:6a:84:c5:
b3:aa:d7:0d:3c:b7:e8:86:48:22:8e:15:50:bc:7d:
b8:1d:80:3d:b3:50:52:8d:39:ed:7d:a1:d0:90:80:
c8:00:4a:c4:ff:c1:92:58:24:0b:af:d3:c4:87:60:
8a:9f
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha256WithRSAEncryption
47:35:33:26:8e:79:d8:e0:90:03:8d:db:75:bd:56:8e:87:69:
36:6f:30:28:ce:00:b2:41:9d:c3:2e:58:8f:e0:b6:7e:e0:0a:
13:90:f2:61:1f:6b:59:93:69:da:f5:d3:cd:17:a6:2b:06:8b:
fe:79:9c:8a:e7:c2:27:49:7a:2b:93:56:9d:f6:d8:a7:98:b1:
3f:98:95:56:ca:b0:29:95:7a:c6:e9:cb:e7:69:3e:a1:c8:34:
72:1c:17:99:82:71:02:af:be:66:48:b0:19:e9:50:54:78:03:
d0:5e:d5:84:7b:16:05:61:94:7c:ec:29:3c:be:d5:2c:53:b0:
44:71:38:3c:74:6e:e2:5b:b4:78:0a:22:f1:8d:ae:8f:db:eb:
39:ae:bb:c8:0d:1c:65:87:89:f3:38:20:20:d5:a7:34:5c:2f:
43:56:27:c4:0c:93:de:fa:84:d8:3c:5b:df:81:fe:ea:bb:d5:
34:c5:87:0f:49:bc:d5:1d:fe:7e:6f:a4:f3:f3:73:96:7f:9b:
34:cd:97:01:81:c4:fe:a3:b6:aa:96:eb:76:d6:f6:45:ec:6a:
88:e4:99:29:a7:9b:e2:63:57:aa:54:e5:25:9d:e0:f1:4a:6e:
06:e3:01:9a:81:98:48:ba:28:5c:d1:23:16:db:ea:0c:7b:ae:
65:c4:d1:27
liumiaocn:csr liumiao$
