root@qin-B360MHD-PRO2:/home/qin/sslcert# vim openssl.cnf
# 创建配置文件 以下内筒写入openssl.cnf文件,此文件是自定义的 放到什么位置都行,下边会用到
##---------------------------start---------------------------------
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = CH
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = GD
localityName = Locality Name (eg, city)
localityName_default = ShenZhen
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = organizationalUnitName
commonName = Internet Widgits Ltd
commonName_max = 64
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
# 改成自己的域名
DNS.1 = zxqy.junxics.com
#DNS.2 = helpdesk.example.org
#DNS.3 = systems.example.net
# 改成自己的ip
#IP.1 = 121.18.159.110
##---------------------------end--到这里结束了,别粘多了-------------------------------
root@qin-B360MHD-PRO2:/home/qin/sslcert# mkdir zxqy
root@qin-B360MHD-PRO2:/home/qin/sslcert# ls
openssl.cnf zxqy
root@qin-B360MHD-PRO2:/home/qin/sslcert# openssl genrsa -out ./zxqy/zxqy.key 2048
root@qin-B360MHD-PRO2:/home/qin/sslcert# openssl req -new -out ./zxqy/zxqy.csr -key ./zxqy/zxqy.key -config openssl.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CH]:
State or Province Name (full name) [GD]:HB
Locality Name (eg, city) [ShenZhen]:ShiJiaZhuang
Organizational Unit Name (eg, section) [organizationalUnitName]:junxikeji
Internet Widgits Ltd []:junxikeji
root@qin-B360MHD-PRO2:/home/qin/sslcert# openssl req -text -noout -in ./zxqy/zxqy.csr
Certificate Request:
Data:
Version: 1 (0x0)
Subject: C = CH, ST = HB, L = ShiJiaZhuang, OU = junxikeji, CN = junxikeji
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c4:96:8a:23:9e:4e:24:11:ca:b0:9e:cd:93:e5:
a8:a8:55:38:39:f7:ad:21:cf:8b:56:53:e3:ba:6d:
4d:80:8a:a2:64:60:e0:32:e1:d3:78:47:aa:e9:d1:
bf:a8:f2:80:69:32:6a:2b:94:08:31:3e:2c:29:ed:
d9:cc:6e:ee:43:0a:d7:54:e8:ee:23:b3:a1:d2:08:
c2:79:57:bc:74:1e:fd:15:83:96:ef:a4:83:98:6e:
be:35:fb:c8:4d:db:eb:17:8c:fd:06:8a:2e:c8:c9:
20:a0:ab:c0:12:62:a9:b5:a0:7a:65:d2:92:44:67:
73:8d:fa:b7:d8:c9:e6:4b:27:6c:35:51:12:dc:2c:
29:d1:9c:22:f8:b8:c7:9c:f5:95:6a:3a:e2:2f:04:
bd:54:1d:e0:ed:9e:f3:01:f5:8c:b3:04:b0:95:de:
2c:62:53:4f:19:6e:a4:39:b6:93:75:54:81:38:99:
1c:dd:52:14:28:b6:b1:0e:4d:93:99:16:f7:6a:36:
60:88:c7:7d:01:a0:d8:ab:0a:2c:06:98:06:d4:79:
13:92:d4:0b:28:43:2d:1a:48:70:f0:21:50:ac:f5:
3e:42:a8:f8:db:46:8f:c9:40:b3:37:b3:ec:7b:a8:
76:bf:21:90:3e:5a:0a:0f:1f:d2:11:de:58:11:e7:
dc:eb
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Subject Alternative Name:
DNS:zxqy.junxics.com
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
87:1a:31:03:8f:c7:43:5d:34:02:6f:9a:c8:05:2b:3a:d1:3d:
cf:a6:50:5c:6e:92:79:59:76:f7:e9:05:33:a0:8f:26:ba:c0:
ee:86:58:d5:ba:e7:ba:26:c7:c8:0e:72:77:9e:0e:25:fa:a5:
74:5a:0b:2f:c0:e9:22:bf:a8:3d:49:5f:5d:45:08:e0:86:08:
5d:2a:37:1e:41:80:e9:96:f0:46:60:f9:a3:48:77:07:57:21:
74:ae:9c:7f:47:93:5e:21:31:d8:ae:93:a2:23:84:4b:7b:3e:
ec:5f:a9:b1:8f:33:f7:e3:a2:87:ae:9a:73:7f:bc:fd:93:de:
4d:ed:05:91:21:e0:7a:5c:6a:f6:7e:92:7c:9c:43:8e:3f:71:
d3:59:78:97:35:c9:90:d0:59:b1:94:6e:50:97:54:e5:db:56:
8d:ba:27:3f:f5:ef:2d:21:d1:84:8b:0f:c8:91:8e:29:6e:91:
90:a4:c4:37:30:ba:98:64:22:7a:db:f4:68:0d:bb:f1:5e:ba:
1b:a5:69:8b:3a:b7:ec:45:82:06:e4:90:81:4f:bb:d8:e4:d6:
79:3f:00:12:5b:e8:10:8a:70:95:a9:35:3c:93:33:fc:8e:6d:
72:a3:91:c6:cf:58:f7:96:3f:f9:cc:af:87:d1:80:63:20:87:
2f:c3:95:f6
root@qin-B360MHD-PRO2:/home/qin/sslcert# openssl x509 -req -days 3650 -in ./zxqy/zxqy.csr -signkey ./zxqy/zxqy.key -out ./zxqy/zxqy.crt -extensions v3_req -extfile openssl.cnf
Certificate request self-signature ok
subject=C = CH, ST = HB, L = ShiJiaZhuang, OU = junxikeji, CN = junxikeji
root@qin-B360MHD-PRO2:/home/qin/sslcert# ls zxqy/
zxqy.crt zxqy.csr zxqy.key
root@qin-B360MHD-PRO2:/home/qin/sslcert# tar -cvf zxqy.tar ./zxqy
./zxqy/
./zxqy/zxqy.key
./zxqy/zxqy.csr
./zxqy/zxqy.crt
root@qin-B360MHD-PRO2:/home/qin/sslcert#
Ubuntu本地生成SSL测试证书
最新推荐文章于 2024-07-11 22:46:59 发布