这篇文章介绍CSR(证书签名请求)文件在交互方式和非交互方式下的生成方法。
不使用配置文件生成CSR证书签名请求文件的示例日志如下所示:
```
[root@liumiaocn certificate]# openssl req -new -key ca.key -out request.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:LiaoNing
Locality Name (eg, city) []:DaLian
Organization Name (eg, company) [Internet Widgits Pty Ltd]:devops
Organizational Unit Name (eg, section) []:unicorn
Common Name (e.g. server FQDN or YOUR name) []:devops.com
Email Address []:liumiaocn@outlook.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@liumiaocn certificate]#
```
更详细的内容可参看:https://liumiaocn.blog.csdn.net/article/details/103482436
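非交互方式

| 设定选项 | 设定选项说明 |
| --- | --- |
| openssl req | 创建证书签名请求等功能 |
| -nodes | 对私钥不进行加密 |
| -new | 创建CSR证书签名请求文件 |
| -out | 指定CSR输出文件名 |
| -subj | 指定证书Subject内容 |

注:-nodes 只在 openssl req 自行生成新私钥时(例如配合 -newkey)才起作用;下面的示例通过 -key 使用已有私钥,因此没有用到该选项。OpenSSL 3.0 起该选项改名为 -noenc。

Subject设定内容说明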
| 字段 | 含义 | 设定值例 |
| --- | --- | --- |
| /C= | Country | CN |
| /ST= | State | LiaoNing |
| /L= | Locality | DaLian |
| /O= | Organization | devops |
| /OU= | Organizational Unit | unicorn |
| /CN= | Common Name | devops.com |

```
[root@host121 csr]# ls
[root@host121 csr]# openssl genrsa -out ca.key
Generating RSA private key, 2048 bit long modulus (2 primes)
................................................................+++++
............................................+++++
e is 65537 (0x010001)
[root@host121 csr]#
[root@host121 csr]# ls
ca.key
[root@host121 csr]#
[root@host121 csr]# openssl req -new -key ca.key -out request.csr -subj "/C=CN/ST=LiaoNing/L=DaLian/O=devops/OU=unicorn/CN=devops.com"
[root@host121 csr]# ls
ca.key request.csr
[root@host121 csr]#
```

注:openssl genrsa 未指定加密算法时,生成的 ca.key 是未加密的私钥,应限制其文件权限(例如 chmod 600 ca.key)。提交给CA的只有 request.csr,私钥不应随CSR一起外传。

CSR文件确认
```
[root@host121 csr]# openssl req -text -noout -verify -in request.csr
verify OK
Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: C = CN, ST = LiaoNing, L = DaLian, O = devops, OU = unicorn, CN = devops.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3f:fb:af:b6:e1:44:4b:81:ec:e2:7a:5d:7a:
                    0b:ef:cf:f3:be:04:d9:f9:c4:47:a9:71:c6:35:66:
                    1e:d8:0d:2c:9d:5a:d3:4f:91:e9:14:ef:cc:c2:37:
                    6b:6a:12:78:80:6b:80:26:d6:41:bf:28:ff:9f:e0:
                    8f:27:a6:89:ba:62:cd:34:e1:5e:50:e5:a5:d2:cc:
                    1e:0e:96:d2:e5:63:03:8b:b4:41:4c:c3:4b:0a:6e:
                    8f:b7:31:14:07:5b:68:a2:18:e4:2c:d2:99:cf:54:
                    22:d4:e2:67:88:73:c2:3a:16:e9:d2:cd:5b:f4:d3:
                    4e:d1:5a:00:2d:cf:cd:bf:48:68:dd:f1:6d:42:ad:
                    77:3b:4d:e7:52:6e:fa:3c:46:2e:77:22:8d:95:9e:
                    04:e8:a5:ce:f2:c4:7e:90:a4:3d:8f:44:f3:a7:d9:
                    a2:a6:bb:f6:4c:5f:32:d9:05:eb:5c:2f:eb:da:cb:
                    e0:68:20:4a:f6:1e:0f:1f:fd:eb:37:76:fd:11:c9:
                    06:b0:2a:a1:f4:36:1f:5d:e7:da:60:96:88:ac:94:
                    c0:12:bc:5a:2f:9d:c0:02:37:34:f7:f0:42:c4:62:
                    9a:60:73:64:ea:cd:cc:e6:2b:09:60:12:09:ea:96:
                    4e:a7:b5:20:00:fd:03:98:61:3d:e7:31:5f:ca:84:
                    46:db
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption
         86:7a:7c:b7:90:82:2c:78:f6:87:e9:ec:65:8d:ea:f1:24:29:
         2b:2d:64:26:aa:ca:67:c9:d4:6a:a9:df:30:63:63:73:41:24:
         be:3b:a4:fe:06:91:80:69:74:9d:08:8c:e5:37:b4:f2:3f:0c:
         0c:6d:cc:91:94:33:2a:2b:8f:c9:a7:95:4d:d6:1b:88:c8:5e:
         af:d0:ac:0e:8c:9e:5a:7a:84:7f:27:2d:c4:00:10:d7:88:f4:
         4e:3d:1a:de:90:d7:22:71:12:7b:f2:f4:21:0e:a3:e6:43:ea:
         2c:12:85:58:6e:0b:dc:c3:16:d8:15:f6:e3:fd:d8:59:95:1a:
         a8:38:5a:e8:57:3f:af:ed:a5:7d:39:fe:fc:ac:59:87:b9:66:
         fa:cb:ea:ae:0a:19:fb:d1:af:f3:25:61:96:3b:13:22:cf:d8:
         38:8d:66:ac:58:d3:92:df:61:ef:20:19:ed:53:b3:fa:23:76:
         48:ae:c5:3a:99:67:02:6d:09:2d:95:d7:c6:7f:a6:57:20:97:
         19:ab:16:3b:06:34:3b:6f:5e:10:c5:4a:1a:05:bb:b0:74:40:
         8e:79:0d:fc:8f:e5:93:b0:48:20:c6:5d:fb:57:3f:44:d6:ba:
         b1:77:c7:88:3e:98:aa:f2:70:8d:6a:9f:2a:39:51:14:69:79:
         79:c8:a1:a2
[root@host121 csr]#
```

注:verify OK 只表示CSR自身的签名校验通过(即请求者持有与其中公钥对应的私钥),并不表示证书已由CA签发。另外,输出中 Attributes 为 a0:00,且没有 Requested Extensions 段,说明该CSR未包含 subjectAltName。现在的客户端按 subjectAltName 校验主机名,除非CA在签发时自行补充,否则用于服务器证书时建议在生成CSR时通过 -addext(OpenSSL 1.1.1及以上)或配置文件加入 subjectAltName。