申请SSL证书,首先要生成证书请求文件CSR,下面是在服务器上通过OpenSSL生成CSR和key私钥,在安装有openssl的服务器上输入如下命令 ,然后回车,这将生成key 和 CSR
openssl req -out server.csr -new -sha256 -newkey rsa:2048 -nodes -keyout server.key
以上是生成CSR和私钥的命令, 以下是整个生成过程供参考。
[root@lala ~]# openssl req -out server.csr -new -sha256 -newkey rsa:2048 -nodes -keyout server.key
Generating a 2048 bit RSA private key
.........................................................................+++
...................................................+++
writing new private key to 'www_cheapssl_cn.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN //国家 中国填写CN
State or Province Name (full name) []: Guangdong //省
Locality Name (eg, city) [Default City]: Guangzhou //市
Organization Name (eg, company) [Default Company Ltd]: 中山市镭铭网络科技有限公司 //填写组织或企业名称 ,如果是个人可以填写网站域名或者个人姓名
Organizational Unit Name (eg, section) []: IT //部门
Common Name (eg, your name or your server's hostname) []: www.cheapssl.cn //这个最重要 填写要申请证书的域名
Email Address []: info@cheapssl.cn //邮箱 可不填写Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: //不用填写 回车即可
An optional company name []: //不用填写 回车即可
完成后将生成两个文件 server.csr 和 server.key ,打开 server.csr ,复制里面所有代码,用于申请证书 ,保存好 server.key ,安装的时候要用到这个文件。
打开 server.csr ,打开这个文件 ,你会看到一段包含如下开头和结尾的代码
—–BEGIN CERTIFICATE REQUEST—–
.......
—–END CERTIFICATE REQUEST—–
请复制这段代码用于申请SSL证书
打开 server.key ,打开这个文件 ,你会看到一段包含如下开头和结尾的代码
—–BEGIN RSA PRIVATE KEY—–
......
—–END RSA PRIVATE KEY—–
上一篇: DirectAdmin 生成CSR
下一篇: 付款方式