{"id":5159,"date":"2013-06-24T20:47:06","date_gmt":"2013-06-24T12:47:06","guid":{"rendered":"http:\/\/jpuyy.com\/?p=5159"},"modified":"2017-05-23T17:19:55","modified_gmt":"2017-05-23T09:19:55","slug":"openssl-generate-csr","status":"publish","type":"post","link":"https:\/\/jpuyy.com\/?p=5159","title":{"rendered":"\u4f7f\u7528openssl\u521b\u5efaCSR\u6587\u4ef6"},"content":{"rendered":"

\u5728\u7533\u8bf7\u6b63\u89c4\u7684ssl\u8bc1\u4e66\u4e4b\u524d\uff0c\u9700\u8981\u5148\u5728\u672c\u673a\u751f\u6210CSR\u6587\u4ef6
\nLogin to your server via your terminal client (ssh). At the prompt, type:<\/p>\n

\u767b\u9646ssh\uff0c\u5728\u63d0\u793a\u7b26\u4e0b\u8f93\u5165\u547d\u4ee4\uff1a<\/p>\n

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr<\/pre>\n
where server is the name of your server.
\n\u8fd9\u91cc\u662fserver.csr\uff0c\u81ea\u5df1\u6839\u636e\u81ea\u5df1\u60c5\u51b5\u547d\u540d\u3002<\/p>\n
This will begin the process of generating two files: the Private-Key file for the decryption of your SSL Certificate, and a certificate signing request (CSR) file used to apply for your SSL Certificate. This command will prompt for the following X.509 attributes of the certificate:<\/p>\n
\u8fd9\u5c06\u751f\u6210\u4e24\u4e2a\u6587\u4ef6\uff0c\u4e00\u4e2a\u662f\u79c1\u94a5\u6587\u4ef6\u7528\u4e8e\u89e3\u5bc6\u4f60\u7684SSL\u8bc1\u4e66\uff0c\u8fd8\u6709\u5c31\u662f\u7528\u4e8e\u7533\u8bf7SSL\u7684\u8bc1\u4e66\u7b7e\u540d\u8bf7\u6c42CSR\u6587\u4ef6\u3002<\/p>\n
\u5728\u751f\u6210\u8fc7\u7a0b\u4e2d\u6709\u5982\u4e0b\u63d0\u793a\uff1a
\nCountry Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
\nState or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California.
\nLocality or City (L): The Locality field is the city or town name, for example: Berkeley.
\nOrganization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: XY & Z Corporation would be XYZ Corportation or XY and Z Corportation.
\nOrganizational Unit (OU): This field is the name of the department or organization unit making the request.
\nCommon Name (CN): The Common Name is the Host + Domain Name. It looks like “www.company.com” or “company.com”.
\nPlease do not enter your email address, challenge password or an optional company name when generating the CSR.<\/p>\n
\u5728\u751f\u6210CSR\u8fc7\u7a0b\u4e2d\uff0c\u8bf7\u4e0d\u8981\u586b\u5199email\uff0c\u5f3a\u5bc6\u7801\u548c\u5907\u7528\u516c\u53f8\u540d<\/p>\n
\u6700\u540e\u5c06\u751f\u6210server.csr<\/p>\n
\u5982\u679c\u8981\u81ea\u8ba4\u8bc1\u8bc1\u4e66 server.crt <\/p>\n
openssl x509 -req -in server.csr -signkey server.key -out server.crt<\/pre>\n
\u8ba1\u7b97 crt \u7684 finger print<\/p>\n
\r\nSHA-256\r\nopenssl x509 -noout -fingerprint -sha256 -inform pem -in [certificate-file.crt] \r\n \r\nSHA-1\r\nopenssl x509 -noout -fingerprint -sha1 -inform pem -in [certificate-file.crt]\r\n\r\nMD5\r\nopenssl x509 -noout -fingerprint -md5 -inform pem -in [certificate-file.crt] \r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
\u5728\u7533\u8bf7\u6b63\u89c4\u7684ssl\u8bc1\u4e66\u4e4b\u524d\uff0c\u9700\u8981\u5148\u5728\u672c\u673a\u751f\u6210CSR\u6587\u4ef6 Login to your server via your terminal client (ssh). At the prompt, type: \u767b\u9646ssh\uff0c\u5728\u63d0\u793a\u7b26\u4e0b\u8f93\u5165\u547d\u4ee4\uff1a openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr where server is the name of your server. \u8fd9\u91cc\u662fserver.csr\uff0c\u81ea\u5df1\u6839\u636e\u81ea\u5df1\u60c5\u51b5\u547d\u540d\u3002 This will begin the process of generating two files: the Private-Key file for the decryption of your SSL Certificate, and a […]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[23],"class_list":["post-5159","post","type-post","status-publish","format-standard","hentry","category-life","tag-summary"],"_links":{"self":[{"href":"https:\/\/jpuyy.com\/index.php?rest_route=\/wp\/v2\/posts\/5159","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jpuyy.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jpuyy.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jpuyy.com\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/jpuyy.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5159"}],"version-history":[{"count":10,"href":"https:\/\/jpuyy.com\/index.php?rest_route=\/wp\/v2\/posts\/5159\/revisions"}],"predecessor-version":[{"id":8143,"href":"https:\/\/jpuyy.com\/index.php?rest_route=\/wp\/v2\/posts\/5159\/revisions\/8143"}],"wp:attachment":[{"href":"https:\/\/jpuyy.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5159"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jpuyy.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5159"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jpuyy.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5159"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}