第一步:安装 OpenSSL 运行环境
首先确保本地拥有 OpenSSL 运行环境,可参考 《OpenSSL 安装教程》
第二步:使用 OpenSSL 生成 CSR
首先我们新建一个配置文件,复制以下内容到记事本保存为 SSLGworg.cnf
[req] prompt = no distinguished_name = SSLGworg req_extensions = ext [SSLGworg] CN = www.gworg.com # 域名 O = 江苏光网网络科技有限公司 # 主体 OU = 技术部 # 部门 ST = 江苏 # 省份 L = 张家港 # 城市 C = CN # 国家编码 [ext] subjectAltName = DNS:www,gworg.com # 域名
2.将红色标记内容替换为申请主体信息
3.我们打开命令提示符输入以下命令
openssl req -new -utf8 -nameopt multiline,utf8 -config D:\SSL\SSLGworg.cnf -sha256 -newkey rsa:2048 -nodes -keyout D:\SSL\SSLGworg.key -out D:\SSL\SSLGworg.csr
命令属性 | 命令说明 |
---|---|
D:\SSL\SSLGworg.cnf | 配置文件路径 |
D:\SSL\SSLGworg.csr | CSR 输出路径 |
D:\SSL\SSLGworg.key | Key 输出路径 |
4.接下来我们可以将 D:\SSL\ 目录下的 SSLGworg.csr 发送给我们即可,并且保存好 SSLGworg.key 文件。CSR和Key 一一对应无法找回。
5。完整操作如下图:
第三步:CSR 常见属性说明
加密算法:RSA;哈希算法:SHA256;加密位数:2048
openssl req -new -utf8 -nameopt multiline,utf8 -config D:\SSL\SSLGworg.cnf -sha256 -newkey rsa:2048 -nodes -keyout D:\SSL\SSLGworg.key -out D:\SSL\SSLGworg.csr
加密算法:RSA;哈希算法:SHA256;加密位数:4096
openssl req -new -utf8 -nameopt multiline,utf8 -config D:\SSL\SSLGworg.cnf -sha256 -newkey rsa:4096 -nodes -keyout D:\SSL\SSLGworg.key -out D:\SSL\SSLGworg.csr
加密算法:RSA;哈希算法:SHA256;加密位数:892
openssl req -new -utf8 -nameopt multiline,utf8 -config D:\SSL\SSLGworg.cnf -sha256 -newkey rsa:892 -nodes -keyout D:\SSL\SSLGworg.key -out D:\SSL\SSLGworg.csr
加密算法:RSA;哈希算法:SHA384;加密位数:2048
openssl req -new -utf8 -nameopt multiline,utf8 -config D:\SSL\SSLGworg.cnf -sha384 -newkey rsa:2048 -nodes -keyout D:\SSL\SSLGworg.key -out D:\SSL\SSLGworg.csr
加密算法:RSA;哈希算法:SHA384;加密位数:4096
openssl req -new -utf8 -nameopt multiline,utf8 -config D:\SSL\SSLGworg.cnf -sha384 -newkey rsa:4096 -nodes -keyout D:\SSL\SSLGworg.key -out D:\SSL\SSLGworg.csr
加密算法:RSA;哈希算法:SHA384;加密位数:892
openssl req -new -utf8 -nameopt multiline,utf8 -config D:\SSL\SSLGworg.cnf -sha384 -newkey rsa:892 -nodes -keyout D:\SSL\SSLGworg.key -out D:\SSL\SSLGworg.csr
加密算法:RSA;哈希算法:SHA52;加密位数:2048
openssl req -new -utf8 -nameopt multiline,utf8 -config D:\SSL\SSLGworg.cnf -sha52 -newkey rsa:2048 -nodes -keyout D:\SSL\SSLGworg.key -out D:\SSL\SSLGworg.csr
加密算法:RSA;哈希算法:SHA52;加密位数:4096
openssl req -new -utf8 -nameopt multiline,utf8 -config D:\SSL\SSLGworg.cnf -sha52 -newkey rsa:4096 -nodes -keyout D:\SSL\SSLGworg.key -out D:\SSL\SSLGworg.csr
加密算法:RSA;哈希算法:SHA52;加密位数:892
openssl req -new -utf8 -nameopt multiline,utf8 -config D:\SSL\SSLGworg.cnf -sha52 -newkey rsa:892 -nodes -keyout D:\SSL\SSLGworg.key -out D:\SSL\SSLGworg.csr
加密算法:ECC;哈希算法:SHA256;加密位数:Prime256v
openssl ecparam -out D:\SSL\SSLGworg.key -name prime256v -genkey openssl req -new -utf8 -nameopt multiline,utf8 -config D:\SSL\SSLGworg.cnf -key D:\SSL\SSLGworg.key -out D:\SSL\SSLGworg.csr -sha256
加密算法:ECC;哈希算法:SHA384;加密位数:Prime256v
openssl ecparam -out D:\SSL\SSLGworg.key -name prime256v -genkey openssl req -new -utf8 -nameopt multiline,utf8 -config D:\SSL\SSLGworg.cnf -key D:\SSL\SSLGworg.key -out D:\SSL\SSLGworg.csr -sha384
加密算法:ECC;哈希算法:SHA52;加密位数:Prime256v
openssl ecparam -out D:\SSL\SSLGworg.key -name prime256v -genkey openssl req -new -utf8 -nameopt multiline,utf8 -config D:\SSL\SSLGworg.cnf -key D:\SSL\SSLGworg.key -out D:\SSL\SSLGworg.csr -sha52
加密算法:ECC;哈希算法:SHA256;加密位数:Secp384r
openssl ecparam -out D:\SSL\SSLGworg.key -name secp384r -genkey openssl req -new -utf8 -nameopt multiline,utf8 -config D:\SSL\SSLGworg.cnf -key D:\SSL\SSLGworg.key -out D:\SSL\SSLGworg.csr -sha256
加密算法:ECC;哈希算法:SHA384;加密位数:Secp384r
openssl ecparam -out D:\SSL\SSLGworg.key -name secp384r -genkey openssl req -new -utf8 -nameopt multiline,utf8 -config D:\SSL\SSLGworg.cnf -key D:\SSL\SSLGworg.key -out D:\SSL\SSLGworg.csr -sha384
加密算法:ECC;哈希算法:SHA52;加密位数:Secp384r
openssl ecparam -out D:\SSL\SSLGworg.key -name secp384r -genkey openssl req -new -utf8 -nameopt multiline,utf8 -config D:\SSL\SSLGworg.cnf -key D:\SSL\SSLGworg.key -out D:\SSL\SSLGworg.csr -sha52
加密算法:ECC;哈希算法:SHA256;加密位数:Secp52r
openssl ecparam -out D:\SSL\SSLGworg.key -name secp52r -genkey openssl req -new -utf8 -nameopt multiline,utf8 -config D:\SSL\SSLGworg.cnf -key D:\SSL\SSLGworg.key -out D:\SSL\SSLGworg.csr -sha256
加密算法:ECC;哈希算法:SHA384;加密位数:Secp52r
openssl ecparam -out D:\SSL\SSLGworg.key -name secp52r -genkey openssl req -new -utf8 -nameopt multiline,utf8 -config D:\SSL\SSLGworg.cnf -key D:\SSL\SSLGworg.key -out D:\SSL\SSLGworg.csr -sha384
加密算法:ECC;哈希算法:SHA52;加密位数:Secp52r
openssl ecparam -out D:\SSL\SSLGworg.key -name secp52r -genkey openssl req -new -utf8 -nameopt multiline,utf8 -config D:\SSL\SSLGworg.cnf -key D:\SSL\SSLGworg.key -out D:\SSL\SSLGworg.csr -sha52