本文介绍了证书签名请求(CSR)的概念及其在获取公开密钥证书过程中的作用。此外,还详细说明了如何使用 OpenSSL 工具生成 RSA 密钥对及 CSR 文件,并提供了查看 CSR 和证书内容的方法。
What's a CSR?
A Certificate Signing Request (CSR) is a message sent to a Certification Authority (CA) to request a public key certificate for an entity (such as a person or a web server). The majority of public key certificates issued are SSL certificates, which are used to secure communications with web sites. Before a CSR can be created, a key pair, which comprises a public and private key, must be generated.
Generate a Key
To generate an RSA key use the genrsa option. The command below generates a 2048 bit RSA key and saves it to a file called key.pem
openssl genrsa -out key.pem 2048
If you require that your private key file is protected with a passphrase, use the command below.
openssl genrsa -des3 -out key.pem 2048
Generate a CSR
If you already have a key, the command below can be used to generates a CSR and save it to a file called req.pem
This is an interactive command that will prompt you for fields that make up the subject distinguished name of the CSR.
openssl req -new -key key.pem -out req.pem
If you do not have a key, the command below will generate a new key and an associated CSR.
The private key will not be protected by a passphrase.
openssl req /
-new -newkey rsa:2048 -nodes /
-keyout key.pem -out req.pem
View the contents of a CSR
To decode a CSR you can use our online CSR Decoder. However, if you prefer to decode your CSR locally use the command below.
openssl req -in req.pem -noout -text
View the contents of a certificate
To decode a certificate you can use our online Certificate Decoder. However, if you prefer to decode your certificate locally use the command below.
openssl x509 -text -in cert.pem
扫一扫
399
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
