[TOC]
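Generate the certificate
The system's only requirement is that the CSR use a 2048-bit key length. There are no requirements on the contents of the individual CSR fields, so you can fill them in however you like.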
openssl genrsa -aes256 -out chanrongdai.com.key 2048
Enter pass phrase for chanrongdai.com.key: XXXXX
(py3) eam/py_admin [master●] » openssl req -new -key chanrongdai.com.key -out chanrongdai.com.csr
Enter pass phrase for chanrongdai.com.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:CN
State or Province Name (full name) []:GuangDong
Locality Name (eg, city) []:ShenZhen
Organization Name (eg, company) []:Wosign CA Limited
Organizational Unit Name (eg, section) []:Wosign Support
Common Name (eg, fully qualified host name) []:www.chanrongdai.com
Email Address []:liyuanbing@chanrongdai.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:da2370282
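Before pasting the CSR into the CA's form, it is worth confirming that it parses, that its self-signature verifies, and that the key really is 2048 bits. The script below is an added example, not part of the original notes; the function names, the `EXPECTED_BITS` variable and the `www.example.test` demo CSRs are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: check a CSR before submitting it to the CA.
# EXPECTED_BITS reflects the 2048-bit requirement stated in these notes.
EXPECTED_BITS=2048

# Print the public-key size (in bits) recorded in a PEM CSR.
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed only if the CSR's self-signature verifies, i.e. the file is intact
# and was signed by the private key matching the embedded public key.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Full pre-submission check: parseable, signature valid, key size as required.
check_csr() {
    bits=$(csr_key_bits "$1")
    [ -n "$bits" ] || { echo "FAIL: $1 is not a readable CSR" >&2; return 1; }
    csr_signature_ok "$1" || { echo "FAIL: bad self-signature" >&2; return 1; }
    [ "$bits" -eq "$EXPECTED_BITS" ] ||
        { echo "FAIL: key is $bits bits, need $EXPECTED_BITS" >&2; return 1; }
    echo "OK: $bits-bit key, $(openssl req -in "$1" -noout -subject)"
}

# Constructed sample input: throwaway unencrypted keys and CSRs in a temp dir.
DEMO_DIR=$(mktemp -d)
make_demo_csr() {   # $1 = key bits, $2 = output basename
    openssl req -new -newkey "rsa:$1" -nodes -subj "/CN=www.example.test" \
        -keyout "$DEMO_DIR/$2.key" -out "$DEMO_DIR/$2.csr" 2>/dev/null
}
make_demo_csr 2048 good
make_demo_csr 3072 wrongsize
check_csr "$DEMO_DIR/good.csr"
check_csr "$DEMO_DIR/wrongsize.csr" || echo "rejected as expected"
```

For the real request, run `check_csr chanrongdai.com.csr` in the directory where the CSR was generated.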
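Apply for a WoSign digital certificate online
- After you apply to WoSign for a certificate, you will receive an email
- Click the link in the email; the following page opens in the browser
- Copy the contents of the CSR file generated in the previous step into the left-hand box, click "Check CSR", then submit
- The page shows the message "Your operation succeeded, please check the domain verification mailbox"
Verify the domain
The domain verification mailbox will contain: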
Please place on a server connected to the domain chanrongdai.com in the folder
/.well-known/pki-validation/
a file named:
8fb05ab55367ab01a367060f396cae7e1e4c0cd9327be89f296e93f84a923271.html
– which should include the activation code:
8fb05ab55367ab01a367060f396cae7e1e4c0cd9327be89f296e93f84a923271
In the website's root directory, run:
mkdir -p .well-known .well-known/pki-validation/
cd .well-known/pki-validation/
echo '8fb05ab55367ab01a367060f396cae7e1e4c0cd9327be89f296e93f84a923271' > 8fb05ab55367ab01a367060f396cae7e1e4c0cd9327be89f296e93f84a923271.html
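- Click the "Verify domain" link in the domain verification email
- Then copy the contents of chanrongdai.com.key to the server
- Next, delete the .well-known folder
- Then wait for WoSign to issue the crt public key file
- Finally, configure and restart Nginx and check the result
Clicking the link shows the following message: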