/*使用原有的RSA密钥生成证书请求文件,输入主体相关信息*/
linuxidc@linuxidc:~/test$ openssl req -new -key RSA.pem -passin pass:123456 -out client.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enteris what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be adefault value,
If you enter'.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Some-State]:BJ
Locality Name (eg, city) []:BJ
Organization Name (eg, company) [Internet Widgits Pty Ltd]:BJ
Organizational Unit Name (eg, section) []:BJ
Common Name (e.g. server FQDN or YOUR name) []:BJ
Email Address []:BJ
Please enter the following'extra' attributes
to be sent with your certificate request
A challenge password []:12345
An optional company name []:BJ
/*使用原有的RSA密钥生成证书请求文件,指定-batch选项,主体信息从配置文件读取*/
linuxidc@linuxidc:~/test$ openssl req -new -key RSA.pem -passin pass:123456 -out client.pem -batch
/*使用原有的RSA密钥生成证书请求文件,指定-batch选项,主体信息由命令行subj指定*/
linuxidc@linuxidc:~/test$ openssl req -new -key RSA.pem -passin pass:123456 -out client.pem -subj /C=AU/ST=Some-State/O=Internet
/*使用原有的RSA密钥生成证书请求文件,指定-batch选项,主体信息由命令行subj指定,且输出公钥*/
linuxidc@linuxidc:~/test$ openssl req -new -key RSA.pem -passin pass:123456 -out client.pem -subj /C=AU/ST=Some-State/O=Internet -pubkey
/*可以看到公钥和请求信息*/
linuxidc@linuxidc:~/test$ cat client.pem
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL6e+hk0TAsYlPk5XB1tLCtCO8wQ7JMM
YQ9SMy4Q1liPg4TdgSkdfbLB2UXmzzMCp+ZBDk9txwtewqv7PVcvY0MCAwEAAQ==
-----END PUBLIC KEY-----
-----BEGIN CERTIFICATE REQUEST-----
MIIBGDCBwwIBADA1MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTER
MA8GA1UECgwISW50ZXJuZXQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAvp76GTRM
CxiU+TlcHW0sK0I7zBDskwxhD1IzLhDWWI+DhN2BKR19ssHZRebPMwKn5kEOT23H
C17Cq/s9Vy9jQwIDAQABoCkwJwYJKoZIhvcNAQkOMRowGDAJBgNVHRMEAjAAMAsG
A1UdDwQEAwIF4DANBgkqhkiG9w0BAQUFAANBAFBiB0fTUwTSoFeQdTWIr3KXzDHP
bgLy1/nlJ71dYLfGGrR61RKmrXgpf76akURtF+gEXwLMfPO6FQlaIOYEe/c=
-----END CERTIFICATE REQUEST-----
linuxidc@linuxidc:~/test$
2、自动生成密钥,生成证书请求文件
/*自动1024位RSA密钥,并生成证书请求文件*/
linuxidc@linuxidc:~/test$ openssl req -new -newkey rsa:1024 -out client.pem -keyout RSA.pem -batch
Generating a1024 bit RSA private key
.......................................++++++
...............................++++++
writingnew private key to 'RSA.pem'
Enter PEM pass phrase:
Verifying- Enter PEM pass phrase:
-----
/*自动1024位RSA密钥,并生成证书请求文件,指定-nodes文件,密钥文件不加密*/
linuxidc@linuxidc:~/test$ openssl req -new -newkey rsa:1024 -out client.pem -keyout RSA.pem -batch -nodes
Generating a1024 bit RSA private key
..++++++
.........................++++++
writingnew private key to 'RSA.pem'
-----
/*生成1024位DSA密钥参数*/
linuxidc@linuxidc:~/test$ openssl dsaparam -out DSA.param 1024
Generating DSA parameters,1024 bit long prime
This could take some time
...+.+..+.+++++++++++++++++++++++++++++++++++++++++++++++++++*
................+...........+......+.+.............+.+.....+.+++++++++++++++++++++++++++++++++++++++++++++++++++*
/*自动1024位DSA密钥,并生成证书请求文件,指定-nodes文件,密钥文件不加密*/
linuxidc@linuxidc:~/test$ openssl req -new -newkey dsa:DSA.param -out client.pem -keyout DSA.pem -batch -nodes
Generating a1024 bit DSA private key
writingnew private key to 'DSA.pem'
-----
3、生成自签名证书