OPENSSL生成CSR(证书签名请求)

申请SSL证书,首先要生成证书签名请求,下面是在服务器上通过OpenSSL生成CSR和key私钥,在安装有openssl的服务器上输入如下命令 ,然后回车,这将生成key 和 CSR,以下命令中的域名可以替换成你自己的域名。

openssl req -out www_sslaaa_com.csr -new -sha256 -newkey rsa:2048 -nodes -keyout www_sslaaa_com.key

以上是生成CSR和私钥的命令, 以下是整个生成过程供参考。

[root@lala ~]# openssl req -out www_sslaaa_com.csr -new -sha256 -newkey rsa:2048 -nodes -keyout www_sslaaa_com.key
Generating a 2048 bit RSA private key

.........................................................................+++
...................................................+++
writing new private key to 'www_sslaaa_com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN //国家 中国填写CN 
State or Province Name (full name) []: Guangdong //省 
Locality Name (eg, city) [Default City]: Guangzhou //市 
Organization Name (eg, company) [Default Company Ltd]:  中山市镭铭网络科技有限公司  //填写组织或企业名称 ,如果是个人可以填写网站域名或者个人姓名  
Organizational Unit Name (eg, section) []: IT //部门 
Common Name (eg, your name or your server's hostname) []: www.sslaaa.com //这个最重要 填写要申请证书的域名 
Email Address []: kf@sslaaa.com //邮箱 可不填写

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: //不用填写 回车即可
An optional company name []: //不用填写 回车即可


完成后将生成两个文件 www_sslaaa_com.csr 和 www_sslaaa_com.key ,打开www_sslaaa_com.csr ,复制里面所有代码,用于申请证书 ,保存好 www_sslaaa_com.key ,安装的时候要用到这个文件。

openssl