Useful OpenSSL Commands

本文介绍了证书签名请求(CSR)的概念及其在获取公开密钥证书过程中的作用。此外,还详细说明了如何使用 OpenSSL 工具生成 RSA 密钥对及 CSR 文件,并提供了查看 CSR 和证书内容的方法。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

What's a CSR?

A Certificate Signing Request (CSR) is a message sent to a Certification Authority (CA) to request a public key certificate for an entity (such as a person or a web server). The majority of public key certificates issued are SSL certificates, which are used to secure communications with web sites. Before a CSR can be created, a key pair, which comprises a public and private key, must be generated.

 

Generate a Key

To generate an RSA key use the genrsa option. The command below generates a 2048 bit RSA key and saves it to a file called key.pem

openssl genrsa -out key.pem 2048 

If you require that your private key file is protected with a passphrase, use the command below.

openssl genrsa -des3 -out key.pem 2048 

Generate a CSR

If you already have a key, the command below can be used to generates a CSR and save it to a file called req.pem

This is an interactive command that will prompt you for fields that make up the subject distinguished name of the CSR.

openssl req -new -key key.pem -out req.pem

If you do not have a key, the command below will generate a new key and an associated CSR.

The private key will not be protected by a passphrase.

openssl req /
     -new -newkey rsa:2048 -nodes /
     -keyout key.pem -out req.pem

View the contents of a CSR

To decode a CSR you can use our online CSR Decoder. However, if you prefer to decode your CSR locally use the command below.

openssl req -in req.pem -noout -text

View the contents of a certificate

To decode a certificate you can use our online Certificate Decoder. However, if you prefer to decode your certificate locally use the command below.

openssl x509 -text -in cert.pem

 

Reference:

http://www.redkestrel.co.uk/tools.html

yum install openssl-libs 已加载插件:fastestmirror base | 3.6 kB 00:00:00 Could not retrieve mirrorlist http://mirrorlist.centos.org?arch=x86_64&release=7&repo=sclo-rh error was 14: curl#6 - "Could not resolve host: mirrorlist.centos.org; 未知的名称或服务" One of the configured repositories failed (未知), and yum doesn't have enough cached data to continue. At this point the only safe thing yum can do is fail. There are a few ways to work "fix" this: 1. Contact the upstream for the repository and get them to fix the problem. 2. Reconfigure the baseurl/etc. for the repository, to point to a working upstream. This is most often useful if you are using a newer distribution release than is supported by the repository (and the packages for the previous distribution release still work). 3. Run the command with the repository temporarily disabled yum --disablerepo=<repoid> ... 4. Disable the repository permanently, so yum won't use it by default. Yum will then just ignore the repository until you permanently enable it again or use --enablerepo for temporary usage: yum-config-manager --disable <repoid> or subscription-manager repos --disable=<repoid> 5. Configure the failing repository to be skipped, if it is unavailable. Note that yum will try to contact the repo. when it runs most commands, so will have to try and fail each time (and thus. yum will be be much slower). If it is a very temporary problem though, this is often a nice compromise: yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true Cannot find a valid baseurl for repo: centos-sclo-rh/x86_64
05-12
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值