热门标签
热门文章
- 1把本地文件 formfile 拷贝到本地文件 tofile 的程序
- 2网络设备割接—七大步骤_网络割接的基本流程
- 3神经网络系列---常用梯度下降算法_神经网络梯度下降公式
- 4在Ubuntu安装软件时,显示“E:无法定位软件包_e: 无法定位软件包 zlibcminizip
- 5【Android】JetPack Compose开发,从入门到入土 (资料详解,一应俱全)_enablejetifier
- 6前端学习笔记____基础篇HTML&CSS_前端学习时,一个盒子上边时ul加li,下边是img,为社么给ul加padding-bottom没有效
- 7LLM大语言模型(六):RAG模式下基于PostgreSQL pgvector插件实现vector向量相似性检索_配置向量插件 大模型postgresql 苹果系统
- 8CentOS7下docker安装+基本操作_centos7安装docker
- 9grub关于linux与initrd、linuxefi与initrdefi、grud.d模板的一些记录_error: cant find command “linux” error: cant find
- 10Google新一代操作系统Fuchsia详解_新一代操作系统有哪些
当前位置: article > 正文
OpenSsl客户端生成证书请求,秘钥对的方法_openssl genrsa -out private.pem 2048
作者:我家小花儿 | 2024-03-25 08:33:58
赞
踩
openssl genrsa -out private.pem 2048
OpenSsl客户端生成证书请求,秘钥对的方法
1、创建私钥
openssl genrsa -out private.pem 2048
- 1
密钥长度,2048
2、创建公钥
openssl rsa -in private.pem -pubout -out public.pem
- 1
3、创建证书请求
openssl req -new -key private.pem -config myServer.cnf -out certReq.csr
- 1
使用私钥生成一个证书请求
certReq.csr,证书请求是用来做数据传输提交给CA证书中心,然后生成证书的。该证书请求是一个
PKCS#10文件。
myServer.cnf配置的是默认的请求参数,如果不配置指定这个文件,就使用系统默认的。
myServer.cnf如下:
[ req ] default_bits = 2048 default_keyfile = proxykey.pem distinguished_name = req_distinguished_name encrypt_rsa_key = no default_md = sha256 req_extensions = req_ext [ req_distinguished_name ] countryName = Country Name \"C\" (2 letter code) countryName_default = CN stateOrProvinceName = State Name \"ST\" (full name) stateOrProvinceName_default = GuangDong localityName = Locality Name \"L\" (eg, city) localityName_default = GuangZhou organizationName = Organization Name \"O\" (eg, company) organizationName_default = ShiJu organizationalUnitName = Organizational Unit Name \"OU\" (eg, section) organizationalUnitName_default = Test 0.commonName = Common Name \"CN\" (eg, YOUR name) 0.commonName_default = emailAddress = Email Address emailAddress_default = test@example.com 1.commonName = Common Name \"CN\" (unique name) 1.commonName_default = 192.168.6.243 [ proxy_cert_ext ] keyUsage=digitalSignature,keyEncipherment,dataEncipherment basicConstraints=CA:FALSE subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer #proxyCertInfo=critical,language:id-ppl-inheritAll proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:ABCD [ req_ext ] subjectAltName = @alt_names [ alt_names ] DNS.1 = test.example.com DNS.2 = test.exmaple.net IP = 192.168.6.243
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
4、查看请求详细内容
openssl req -in certReq.csr -text
- 1
内容解释如下
Certificate Request: # 此为证书请求文件头 Data: Version: 0 (0x0) Subject: C=CN, ST=GD, O=DX # 此为提供的个人信息,注意左侧标头为"Subject",这是很重要的一项 Subject Public Key Info: Public Key Algorithm: rsaEncryption # 使用的公钥算法 Public-Key: (2048 bit) # 公钥的长度 Modulus: 00:ed:66:43:30:45:3c:c7:a6:4e:49:8c:d3:49:67: 1d:73:7d:c1:e2:32:8c:69:0b:d2:84:8d:22:03:75: 47:e6:a6:7a:6b:67:a7:ea:b7:c0:52:43:60:fb:61: ec:3d:39:8f:2b:c9:fd:d8:c5:53:b8:22:42:6c:04: a8:57:5e:62:a1:42:90:69:65:f8:a6:ea:f9:db:c8: 6b:a3:cc:35:10:31:b1:8e:c4:01:d9:5e:b2:ce:3d: 2f:c8:16:e4:8f:6e:07:ae:79:42:46:65:8f:5b:2e: f4:d3:29:a9:ff:6e:8c:ff:95:c6:14:80:fa:6a:5d: 01:24:18:5f:2b:87:07:e2:5b:58:8b:01:53:ef:ef: bf:0b:fb:19:c1:fa:56:3e:8a:12:04:10:88:d5:07: 4d:6e:ad:e3:41:e6:c3:e0:d0:da:47:6a:90:73:a8: 4d:a7:e9:52:51:61:29:cb:c2:eb:76:a8:70:02:d7: 2f:4a:35:6d:fe:22:a9:ae:da:2b:d1:c4:a1:35:ff: 3f:04:d8:8a:e6:42:b4:49:46:9e:e2:ee:72:08:8b: 6e:1d:22:d1:67:82:dd:a8:eb:89:6c:03:a1:bd:16: 49:3a:b2:cb:fc:b4:a3:18:1d:0f:ce:45:b9:4c:b3: 2e:bb:16:08:83:11:1a:0b:e8:13:21:a6:16:06:ad: a9:39 Exponent: 65537 (0x10001) Attributes: a0:00 Signature Algorithm: sha256WithRSAEncryption # 为请求文件数字签名时使用的算法 50:09:53:fa:f4:d3:95:e8:5b:df:6f:44:f2:24:94:d3:49:6f: 16:35:d5:a1:cf:53:1c:33:8c:8e:aa:b4:37:e0:1d:e6:92:7d: 77:71:a8:80:3c:18:b5:ac:cb:f0:cc:c8:10:e4:c3:dc:a2:09: 5d:ea:62:e5:0d:98:55:6a:43:5e:74:48:d8:13:15:38:05:6b: 56:ae:22:0a:d5:d3:e2:42:ca:e4:67:fa:5b:43:65:80:7a:0d: 1f:7b:e2:80:05:a5:df:6d:a6:59:c2:86:8b:c3:99:30:e3:77: c2:2e:6b:25:3a:88:07:df:9a:7b:ca:d2:d2:26:dd:a4:80:ab: cc:66:81:49:73:87:fc:e0:1a:9f:5f:92:e8:b5:01:45:e3:f0: 06:51:09:f3:73:64:af:87:fe:96:95:d5:24:fe:fb:bd:2a:9d: 58:65:30:f1:45:ad:b2:74:9c:b3:b8:5a:dd:1b:1c:bd:70:3f: 5f:88:d3:5b:1e:cd:49:04:a9:48:e7:44:36:0a:c1:75:9c:15: 66:b6:fd:00:ef:ff:3e:9e:83:bf:7d:16:67:4a:f7:f5:1c:c3: 51:6c:50:21:a3:1b:bd:83:c0:0d:24:d7:a8:4b:d4:38:c2:aa: 96:ae:0e:a8:3e:0e:af:5a:16:96:93:8d:9c:36:80:3d:8a:fe: fc:e7:83:00 -----BEGIN CERTIFICATE REQUEST----- # 公钥 MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAO1mQzBFPMemTkmM00lnHXN9weIyjGkL0oSNIgN1 R+amemtnp+q3wFJDYPth7D05jyvJ/djFU7giQmwEqFdeYqFCkGll+Kbq+dvIa6PM NRAxsY7EAdless49L8gW5I9uB655QkZlj1su9NMpqf9ujP+VxhSA+mpdASQYXyuH B+JbWIsBU+/vvwv7GcH6Vj6KEgQQiNUHTW6t40Hmw+DQ2kdqkHOoTafpUlFhKcvC 63aocALXL0o1bf4iqa7aK9HEoTX/PwTYiuZCtElGnuLucgiLbh0i0WeC3ajriWwD ob0WSTqyy/y0oxgdD85FuUyzLrsWCIMRGgvoEyGmFgatqTkCAwEAAaAAMA0GCSqG SIb3DQEBCwUAA4IBAQBQCVP69NOV6Fvfb0TyJJTTSW8WNdWhz1McM4yOqrQ34B3m kn13caiAPBi1rMvwzMgQ5MPcogld6mLlDZhVakNedEjYExU4BWtWriIK1dPiQsrk Z/pbQ2WAeg0fe+KABaXfbaZZwoaLw5kw43fCLmslOogH35p7ytLSJt2kgKvMZoFJ c4f84BqfX5LotQFF4/AGUQnzc2Svh/6WldUk/vu9Kp1YZTDxRa2ydJyzuFrdGxy9 cD9fiNNbHs1JBKlI50Q2CsF1nBVmtv0A7/8+noO/fRZnSvf1HMNRbFAhoxu9g8AN JNeoS9Q4wqqWrg6oPg6vWhaWk42cNoA9iv7854MA -----END CERTIFICATE REQUEST-----
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
5、查看公钥
openssl req -in certReq.csr
- 1
6、验证请求文件是否被串改过
openssl req -verify -in certReq.csr -noout
- 1
7、自签署证书,可用于自建根CA时
openssl req -x509 -key private.pem -in certReq.csr -out CARoot.cer -days 365
- 1
这里只是模拟自建证书,实际证书自建还是由于CA颁发
证书扩展名可以是
.cer/.crt/.rsa
8、查看证书
cat CARoot.cer
- 1
证书内容如下,是经过编码的数据
-----BEGIN CERTIFICATE----- MIIDXTCCAkWgAwIBAgIJAMsVsoNWvs+CMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQwHhcNMjAwNDA5MDYyOTUxWhcNMjEwNDA5MDYyOTUxWjBF MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEA7WZDMEU8x6ZOSYzTSWcdc33B4jKMaQvShI0iA3VH5qZ6a2en6rfAUkNg +2HsPTmPK8n92MVTuCJCbASoV15ioUKQaWX4pur528hro8w1EDGxjsQB2V6yzj0v yBbkj24HrnlCRmWPWy700ymp/26M/5XGFID6al0BJBhfK4cH4ltYiwFT7++/C/sZ wfpWPooSBBCI1QdNbq3jQebD4NDaR2qQc6hNp+lSUWEpy8LrdqhwAtcvSjVt/iKp rtor0cShNf8/BNiK5kK0SUae4u5yCItuHSLRZ4LdqOuJbAOhvRZJOrLL/LSjGB0P zkW5TLMuuxYIgxEaC+gTIaYWBq2pOQIDAQABo1AwTjAdBgNVHQ4EFgQUHCzauL5m m8t9E9Xg5wIFXF9YRH0wHwYDVR0jBBgwFoAUHCzauL5mm8t9E9Xg5wIFXF9YRH0w DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAodSIPBRdss72qk/6CHwA KmJZFSTQ85jsgOprIOWk7xWVU+Nqi2N/fPIAiuTwmT8FWxMcUpJCqm3J815BQtRp W8NCfVJwBv0T3GpPVvczTn8KE9/I/VB8FZKjEIgk97gNGXzi+RIGkyfHnl9blfmr YdQpYQ3Ezz993z8BzpEqgRAF0z0tXblapS7UudX+gs0pzQyEFuBmNQPmIjZBTK7P TtbZQzbP0U7Vk9Q3kV0uxywynL8s7IQK7aLPqgu3TF0LKR319AtI9O+pBTJNc6/J o5xhjai+2OYibVc2IrwVY9ge+/Vd+G3a+eqQ+g/sKZLu+tohTXrQnjdsS38lcGj/ 8Q== -----END CERTIFICATE-----
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
9、命名
| 简写字段 | 全名(OpenSSL) | 含义 |
|---|---|---|
| C | Country Name | 国家 |
| ST | State or Province Name | 省份,行政区 |
| L | Locality Name | 地址 |
| O | Organization Name | 单位组织或者公司 |
| OU | Organizational Unit Name | 单位组织下的单元或部门或分支 |
| CN | Common Name | 证书主体名称 |
| E | 电子邮件 |
注意:
上面的内容不同类型的DN的取值和编排会有所不同,所以只是作为一个参考。
本文内容由网友自发贡献,转载请注明出处:【wpsshop博客】
推荐阅读
相关标签
