我生成了一个新的私钥和一个 csr
root@univhub:/# openssl req -out /etc/ssl/certs/univhub.csr -new -newkey rsa:2048 -nodes -keyout /etc/ssl/private/univhub.key
Generating a 2048 bit RSA private key
.............................................................+++
...............+++
writing new private key to '/etc/ssl/private/univhub.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:NP
State or Province Name (full name) [Some-State]:Bagmati
Locality Name (eg, city) []:Kathmandu
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Univhub Private Limited
Organizational Unit Name (eg, section) []:IT Department
Common Name (e.g. server FQDN or YOUR name) []:univhub.com
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
我的工作 apache 配置有以下几行
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
#SSLCertificateFile /etc/ssl/certs/univhub.csr
#SSLCertificateKeyFile /etc/ssl/private/univhub.key
当恢复注释行时,我在 apache 错误日志中得到一行
AH00016: Configuration Failed
答案1
CSR 需要经过验证并转换为证书,这通常是您向 SSL 公司付费购买的。您通常会购买证书并上传您的 CSR,然后将其作为经过验证的证书返回。