生成SSL证书
使用openssl生成證書
openssl是目前最流行的SSL密碼庫工具,其提供了一個通用、健壯、功能完備的工具套件,用以支持SSL/TLS協議的實現。
比如生成到:/usr/local/ssl
生成命令
openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /usr/local/ssl/nginx.key -out /usr/local/ssl/nginx.crt生成過程:
# openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /u sr/local/ssl/nginx.key -out /usr/local/ssl/nginx.crt Generating a 2048 bit RSA private key ...............................................................................+ ++ ...............+++ writing new private key to '/usr/local/ssl/nginx.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:beijing Locality Name (eg, city) [Default City]:beijing Organization Name (eg, company) [Default Company Ltd]:xxxx Organizational Unit Name (eg, section) []:xxxx Common Name (eg, your name or your server's hostname) []:xxxx(一般是域名) Email Address []:xxxx@xxxx.com下面是上述命令相關字段含義:
Country ,單位所在國家,為兩位數的國家縮寫,如: CN 就是中國 State/Province ,單位所在州或省 Locality ,單位所在城市 / 或縣區 Organization ,此網站的單位名稱; Organization Unit,下屬部門名稱;也常常用于顯示其他證書相關信息,如證書類型,證書產品名稱或身份驗證類型或驗證內容等; Common Name ,網站的域名; Email Address ,郵箱地址生成結果
在/usr/local/ssl目錄下會生成nginx.crt和nginx.key文件
轉載于:https://www.cnblogs.com/mingyue5826/p/10782999.html
總結
- 上一篇: [firefox] Scrapbook
- 下一篇: 8148和8127中的ezsdk和dvr