憑證安裝支援
Apache 2.x 生成CSR文章類別:生成 CSR|發布時間:2010 年 10 月 14 日
第一步:生成數位憑證請求文件(CSR)
進入OpenSSL安裝的目錄,運行如下命令生成私鑰:
openssl genrsa -des3 2048 -out server.key
Loading ´screen´ into random state - done
Generating RSA private key, 2048 bit long modulus
..........++++++
........++++++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
如果使用-des3參數,將會需要輸入一個密碼對私鑰進行加密,如不需要對私鑰加密請不要使用-des3選項。輸入兩次密碼後,將會生成server.key私鑰文件,運行如下命令生成憑證請求文件(CSR)
openssl req -new -key server.key –out server.csr
如是Windows系統,請使用下面命令生成憑證請求文件(CSR)
set OPENSSL_CONF=openssl.cnf
openssl req -new -key server.key -out server.csr
接下來提提示輸入私鑰密碼和申請數位憑證的詳細訊息
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ´.´, the field will be left blank.
-----
Country Name (2 letter code) []:CN
State or Province Name (full name) []:Shanghai
Locality Name (eg, city) []:Shanghai
Organization Name (eg, company) []:GlobalSign
Organizational Unit Name (eg, section) []:IT Dept.
Common Name (eg, your websites domain name) []:cn.globalsign.com
Email Address []:
Please enter the following ´extra´ attributes
to be sent with your certificate request
A challenge password []:
從Email地址開始,下面的訊息都不需要,請保留為空,直接迴車即可。需要輸入的訊息說明請見下表:
|
字段 |
說明 |
示例 |
|
Country Name |
ISO國家代碼(兩位字符) |
CN |
|
State or Province Name |
所在省份 |
Shanghai |
|
Locality Name |
所在城市 |
Shanghai |
|
Organization Name |
公司名稱 |
GlobalSign |
|
Organizational Unit Name |
部門名稱 |
IT Dept. |
|
Common Name |
申請憑證的域名 |
Cn.globalsign.com |
|
Email Address |
不需要輸入 |
|
|
A challenge password |
不需要輸入 |
|
完成以上的操作後會在對應的目錄下生成server.key 和 server.csr,請妥善保存這兩個文件。
第二步:提交CSR,申請數位憑證
遞交憑證申請表及相關資料,並把憑證請求文件(CSR)提交給我們。確認資料齊全後,三個工作日內完成憑證頒發。
關鍵字:Apache,CSR,代碼,簽名,數位憑證,憑證
相關文章
