openssl

Generate the private key

openssl genrsa -des3 -out server.key 2048

Enter the passphrase twice

Generating RSA private key, 2048 bit long modulus
.....................................+++
...............................................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:

View the private key

openssl rsa -text -in server.key

Enter the passphrase

modulus:
    00:a8:6c:b0:8f:8e:4c:21:84:27:ac:81:a8:d1:c4:
    a9:5d:1f:74:56:5b:b7:33:c2:2f:f6:e5:92:50:c3:
    8b:45:2e:c7:85:c9:a1:7f:4a:4c:e2:1c:87:e7:dd:
    53:1f:3a:4e:dd:8c:85:78:db:96:4d:3e:f1:2b:66:
    .....................
cat server.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,CA8E728A3B7001A3

..............................

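Create the certificate signing request (CSR) file

After you enter the private key passphrase, you are prompted for the request details. Press Enter to skip the certificate password, leaving it without a password.
It seems I did not enter a domain name here and it backfired: nginx could not be accessed using the certificate.
If you have no domain name, enter the IP.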

openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:LIAONING
Locality Name (eg, city) [Default City]:SHENYANG
Organization Name (eg, company) [Default Company Ltd]:RGSC
Organizational Unit Name (eg, section) []:SOFT
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:RGSC

View the CSR file with the following command

openssl req -text -in server.csr -noout
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=CN, ST=LIAONING, L=SHENYANG, O=RGSC, OU=SOFT
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
              .........................

Generate the CA certificate

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
  • x509: specifies the X.509 certificate format
  • -in: specifies the request (CSR) file
  • -signkey: self-signs with the given key

Enter the private key passphrase; the certificate information is then printed

Signature ok
subject=/C=CN/ST=LIAONING/L=SHENYANG/O=RGSC/OU=SOFT
Getting Private key
Enter pass phrase for server.key:

The generated certificate files

[root@dockerRepository ssl]# ll
总用量 12
-rw-r--r--. 1 root root 1143 10月 29 09:45 server.crt
-rw-r--r--. 1 root root 1001 10月 29 09:40 server.csr
-rw-r--r--. 1 root root 1743 10月 29 09:29 server.key
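
The CSR step above notes that the certificate was unusable in nginx because no domain name was entered. The script below is an added example, not part of the original post: it repeats the key, CSR and self-signed certificate steps non-interactively, once with the post's subject and once with a CN plus a subjectAltName entry, and checks each result with openssl x509 -checkip / -checkhost. The address 192.0.2.10, the san.ext file name and the function names are assumptions, and the key is left unencrypted so the script runs unattended.

```shell
#!/bin/sh
# Added example, not from the original post; names and addresses are constructed.

# kind_of <name>: prints IP for an address literal, DNS for a host name.
kind_of() {
    case $1 in
        *:*)       echo IP ;;   # IPv6 literal
        *[!0-9.]*) echo DNS ;;  # anything else with non-digits is a host name
        *)         echo IP ;;   # dotted IPv4
    esac
}

# make_cert <dir> <subject> [name]: key, CSR and self-signed cert in <dir>.
# When [name] is given it is also written into subjectAltName.
make_cert() {
    dir=$1 subj=$2 name=${3:-}
    mkdir -p "$dir" || return 1
    # Unencrypted key so this runs unattended (assumption; the post uses -des3).
    ( umask 077; openssl genrsa -out "$dir/server.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$dir/server.key" -subj "$subj" -out "$dir/server.csr" || return 1
    set --
    if [ -n "$name" ]; then
        printf 'subjectAltName=%s:%s\n' "$(kind_of "$name")" "$name" > "$dir/san.ext"
        set -- -extfile "$dir/san.ext"
    fi
    openssl x509 -req -days 365 -in "$dir/server.csr" -signkey "$dir/server.key" \
        "$@" -out "$dir/server.crt" 2>/dev/null
}

# cert_covers <crt> <name>: exit 0 only if OpenSSL's name check accepts <name>.
cert_covers() {
    case $(kind_of "$2") in
        IP) opt=-checkip ;;
        *)  opt=-checkhost ;;
    esac
    openssl x509 -in "$1" -noout "$opt" "$2" 2>&1 | grep -q 'does match'
}

# Demo: the post's subject (no CN, no SAN) versus the same subject plus CN and SAN.
work=$(mktemp -d)
base=/C=CN/ST=LIAONING/L=SHENYANG/O=RGSC/OU=SOFT
make_cert "$work/post" "$base"
make_cert "$work/fixed" "$base/CN=192.0.2.10" 192.0.2.10
for c in post fixed; do
    if cert_covers "$work/$c/server.crt" 192.0.2.10
    then echo "$c: covers 192.0.2.10"
    else echo "$c: does NOT cover 192.0.2.10"
    fi
done
rm -rf "$work"
```

The umask 077 subshell also keeps server.key readable by its owner only, unlike the -rw-r--r-- mode in the listing above.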
