如何使用 OpenSSL 自动读取证书信息

Question 1

您可以创建一个配置文件并在命令中使用它。例如，您可以创建一个名为的配置文件openssl.cnf并像这样使用它：

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.cert -config ./openssl.cnf

根据您的情况，您可以设置以下参数：

[ req_distinguished_name ]
# Variable name             Prompt string
#-------------------------    ----------------------------------
0.organizationName          = Organization Name (company)
organizationalUnitName          = Organizational Unit Name (department, division)
emailAddress                = Email Address
emailAddress_max            = 40
localityName                = Locality Name (city, district)
stateOrProvinceName         = State or Province Name (full name)
countryName             = Country Name (2 letter code)
countryName_min             = 2
countryName_max             = 2
commonName              = Common Name (hostname, IP, or your name)
commonName_max              = 64

更多详情请访问http://www.flatmtn.com/article/setting-openssl-create-certificates#SSLCert-4

Answer

您可以创建一个配置文件并在命令中使用它。例如，您可以创建一个名为的配置文件openssl.cnf并像这样使用它：

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.cert -config ./openssl.cnf

根据您的情况，您可以设置以下参数：

[ req_distinguished_name ]
# Variable name             Prompt string
#-------------------------    ----------------------------------
0.organizationName          = Organization Name (company)
organizationalUnitName          = Organizational Unit Name (department, division)
emailAddress                = Email Address
emailAddress_max            = 40
localityName                = Locality Name (city, district)
stateOrProvinceName         = State or Province Name (full name)
countryName             = Country Name (2 letter code)
countryName_min             = 2
countryName_max             = 2
commonName              = Common Name (hostname, IP, or your name)
commonName_max              = 64

更多详情请访问http://www.flatmtn.com/article/setting-openssl-create-certificates#SSLCert-4

Question 2

您的配置文件中的某处需要以下内容：

[ req ]
prompt                 = no
distinguished_name     = req_distinguished_name

[ req_distinguished_name ]
countryName             = GB
stateOrProvinceName     = Provinceshire
localityName            = Locationsville
organizationName        = Example Ltd
organizationalUnitName  = PKI
commonName              = www.example.com

prompt = no部分中的会[ req ]停止您看到的提示并更改部分中预期的格式distinguished_name。如果您没有此选项，OpenSSL 将期望您当前的提示格式。

请注意，字段的顺序是可以改变的，并且决定了证书中的顺序。

Answer

您的配置文件中的某处需要以下内容：

[ req ]
prompt                 = no
distinguished_name     = req_distinguished_name

[ req_distinguished_name ]
countryName             = GB
stateOrProvinceName     = Provinceshire
localityName            = Locationsville
organizationName        = Example Ltd
organizationalUnitName  = PKI
commonName              = www.example.com

prompt = no部分中的会[ req ]停止您看到的提示并更改部分中预期的格式distinguished_name。如果您没有此选项，OpenSSL 将期望您当前的提示格式。

请注意，字段的顺序是可以改变的，并且决定了证书中的顺序。

Question 3

它也可以从脚本运行：

#!/bin/bash

country=WORLD   
state=mystate    
locality=Mycity   
organization=myorg    
organizationalunit=IT   
[email protected]

 openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout
 /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.cert -subj
 "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/CN=$commonname/emailAddress=$email"

发现于：http://www.jamescoyle.net/how-to/1073-bash-script-to-create-an-ssl-certificate-key-and-request-csr

Answer

它也可以从脚本运行：

#!/bin/bash

country=WORLD   
state=mystate    
locality=Mycity   
organization=myorg    
organizationalunit=IT   
[email protected]

 openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout
 /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.cert -subj
 "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/CN=$commonname/emailAddress=$email"

发现于：http://www.jamescoyle.net/how-to/1073-bash-script-to-create-an-ssl-certificate-key-and-request-csr

如何使用 OpenSSL 自动读取证书信息

答案1

答案2

答案3

相关内容