最近更新时间:2021-01-25 12:16:01
在申请证书前,用户需要提交CSR文件,以完成身份校验并生成证书公钥文件。生成CSR文件时会同时生成私钥文件,请妥善保管和备份。
openssl req -new -nodes -sha256 -newkey rsa:2048 -keyout myprivate.key -out mydomain.csr
字段 | 解释 | 示例 | 约束 |
---|---|---|---|
Country Name | ISO国家代码 | CN | 英文大写,两位字符 |
State or Province Name | 所在省份 | 北京 | 中英文均可 |
Locality Name | 所在城市 | 北京 | 中英文均可 |
Organization Name | 公司名称 | 北京金山云网络技术有限公司 | 中英文均可 |
Organizational Unit Name | 部门名称 | 产品部 | 中英文均可 |
Common Name | 申请证书的域名 | www.ksyun.com | |
Email Address | 无需输入 | ||
A challenge password | 无需输入 | ||
An optional company name | 无需输入 |
[root@xxxx ~]# openssl req -new -nodes -sha256 -newkey rsa:2048 -keyout myprivate.key -out mydomain.csr
Generating a 2048 bit RSA private key
............................+++
...................+++
writing new private key to 'myprivate.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:Beijing xxx Technologies.Inc.
Organizational Unit Name (eg, section) []:IT Dept
Common Name (eg, your name or your server's hostname) []:www.myhost.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
1.输入指令 keytool -genkey -alias cert -keyalg RSA -keysize 2048 -keystore ./domain.jks
2.输入证书保护密码,并按提示输入以下信息,注意:此处填写的信息要和补全证书信息时填写的内容一致
问题 | 解释 | 示例 | 约束 |
---|---|---|---|
What is your first and last name? | 申请证书的域名 | www.ksyun.com | |
What is the name of your organizational unit? | 部门名称 | 产品部 | 中英文均可 |
What is the name of your organization? | 公司名称 | 北京金山云网络技术有限公司 | 中英文均可 |
What is the name of your City or Locality? | 所在城市 | 北京 | 中英文均可 |
What is the name of your State or Province? | 所在省份 | 北京 | 中英文均可 |
What is the two-letter country code for this unit? | ISO国家代码 | CN | 英文大写,两位字符 |
4.完成后确认信息无误,[no]:Y 输入
5.输入密钥密码
6.通过证书文件生成证书请求
keytool -certreq -sigalg SHA256withRSA -alias mycert -keystore ./mydomain.jks -file ./mydomain.csr
完成
纯净模式