SSL基础:16:非交互方式生成CSR证书签名文件

在这里插入图片描述
这篇文章介绍一下CSR证书请求文件交互方式和非交互方式的生成方法。

交付方式 vs 非交互方式

不使用配置文件

不使用配置文件生成CSR证书签名请求文件的示例日志如下所示:

[root@liumiaocn certificate]# openssl req -new -key ca.key -out request.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:LiaoNing
Locality Name (eg, city) []:DaLian
Organization Name (eg, company) [Internet Widgits Pty Ltd]:devops
Organizational Unit Name (eg, section) []:unicorn
Common Name (e.g. server FQDN or YOUR name) []:devops.com
Email Address []:liumiaocn@outlook.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@liumiaocn certificate]# 

更详细的内容可参看:https://liumiaocn.blog.csdn.net/article/details/103482436

非交互方式

设定选项设定选项说明
openssl req创建证书签名请求等功能
-nodes对私钥不进行加密
-new创建CSR证书签名文件
-out指定CSR输出文件名
-subj指定证书Subject内容

Subject设定内容说明

字段含义设定值例
/C=CountryCN
/ST=StateLiaoNing
/L=LocationDaLian
/O=Organizationdevops
/OU=Organizationalunicorn
/CN=Common Namedevops.com
[root@host121 csr]# ls
[root@host121 csr]# openssl genrsa -out ca.key
Generating RSA private key, 2048 bit long modulus (2 primes)
................................................................+++++
............................................+++++
e is 65537 (0x010001)
[root@host121 csr]# 
[root@host121 csr]# ls
ca.key
[root@host121 csr]# 
[root@host121 csr]# openssl req -new -key ca.key -out request.csr -subj "/C=CN/ST=LiaoNing/L=DaLian/O=devops/OU=unicorn/CN=devops.com"
[root@host121 csr]# ls
ca.key  request.csr
[root@host121 csr]#

CSR文件确认

[root@host121 csr]# openssl req -text -noout -verify -in request.csr 
verify OK
Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: C = CN, ST = LiaoNing, L = DaLian, O = devops, OU = unicorn, CN = devops.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3f:fb:af:b6:e1:44:4b:81:ec:e2:7a:5d:7a:
                    0b:ef:cf:f3:be:04:d9:f9:c4:47:a9:71:c6:35:66:
                    1e:d8:0d:2c:9d:5a:d3:4f:91:e9:14:ef:cc:c2:37:
                    6b:6a:12:78:80:6b:80:26:d6:41:bf:28:ff:9f:e0:
                    8f:27:a6:89:ba:62:cd:34:e1:5e:50:e5:a5:d2:cc:
                    1e:0e:96:d2:e5:63:03:8b:b4:41:4c:c3:4b:0a:6e:
                    8f:b7:31:14:07:5b:68:a2:18:e4:2c:d2:99:cf:54:
                    22:d4:e2:67:88:73:c2:3a:16:e9:d2:cd:5b:f4:d3:
                    4e:d1:5a:00:2d:cf:cd:bf:48:68:dd:f1:6d:42:ad:
                    77:3b:4d:e7:52:6e:fa:3c:46:2e:77:22:8d:95:9e:
                    04:e8:a5:ce:f2:c4:7e:90:a4:3d:8f:44:f3:a7:d9:
                    a2:a6:bb:f6:4c:5f:32:d9:05:eb:5c:2f:eb:da:cb:
                    e0:68:20:4a:f6:1e:0f:1f:fd:eb:37:76:fd:11:c9:
                    06:b0:2a:a1:f4:36:1f:5d:e7:da:60:96:88:ac:94:
                    c0:12:bc:5a:2f:9d:c0:02:37:34:f7:f0:42:c4:62:
                    9a:60:73:64:ea:cd:cc:e6:2b:09:60:12:09:ea:96:
                    4e:a7:b5:20:00:fd:03:98:61:3d:e7:31:5f:ca:84:
                    46:db
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption
         86:7a:7c:b7:90:82:2c:78:f6:87:e9:ec:65:8d:ea:f1:24:29:
         2b:2d:64:26:aa:ca:67:c9:d4:6a:a9:df:30:63:63:73:41:24:
         be:3b:a4:fe:06:91:80:69:74:9d:08:8c:e5:37:b4:f2:3f:0c:
         0c:6d:cc:91:94:33:2a:2b:8f:c9:a7:95:4d:d6:1b:88:c8:5e:
         af:d0:ac:0e:8c:9e:5a:7a:84:7f:27:2d:c4:00:10:d7:88:f4:
         4e:3d:1a:de:90:d7:22:71:12:7b:f2:f4:21:0e:a3:e6:43:ea:
         2c:12:85:58:6e:0b:dc:c3:16:d8:15:f6:e3:fd:d8:59:95:1a:
         a8:38:5a:e8:57:3f:af:ed:a5:7d:39:fe:fc:ac:59:87:b9:66:
         fa:cb:ea:ae:0a:19:fb:d1:af:f3:25:61:96:3b:13:22:cf:d8:
         38:8d:66:ac:58:d3:92:df:61:ef:20:19:ed:53:b3:fa:23:76:
         48:ae:c5:3a:99:67:02:6d:09:2d:95:d7:c6:7f:a6:57:20:97:
         19:ab:16:3b:06:34:3b:6f:5e:10:c5:4a:1a:05:bb:b0:74:40:
         8e:79:0d:fc:8f:e5:93:b0:48:20:c6:5d:fb:57:3f:44:d6:ba:
         b1:77:c7:88:3e:98:aa:f2:70:8d:6a:9f:2a:39:51:14:69:79:
         79:c8:a1:a2
[root@host121 csr]# 
淼叔 CSDN认证博客专家 神经网络 TensorFlow NLP
资深架构师,PMP、OCP、CSM、HPE University讲师,EXIN DevOps Professional与DevOps Master认证讲师,曾担任HPE GD China DevOps & Agile Leader,帮助企业级客户提供DevOps咨询培训以及实施指导。熟悉通信和金融领域,有超过十年金融外汇行业的架构设计、开发、维护经验,在十几年的IT从业生涯中拥有了软件开发设计领域接近全生命周期的经验和知识积累,著有企业级DevOps技术与工具实战。
已标记关键词 清除标记
相关推荐
©️2020 CSDN 皮肤主题: 数字20 设计师:CSDN官方博客 返回首页