1. certificate openssl installed can perform the following command to generate a private key and a corresponding request file
ca openssl req -new -keyout private.key -out for_request.csr Generating a 2048 bit RSA private key .............+++ ....................................................................................................+++ writing new private key to 'private.key' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: Verify failure Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) []:CN State or Province Name (full name) []:sichuan Locality Name (eg, city) []:chengdu Organization Name (eg, company) []:zchd Organizational Unit Name (eg, section) []:Dev Common Name (eg, fully qualified host name) []:zchd.ltd Email Address []:[email protected] Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: ➜ ca ls for_request.csr private.key ➜ ca cat for_request.csr -----BEGIN CERTIFICATE REQUEST----- MIICyjCCAbICAQAwgYQxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdzaWNodWFuMRAw DgYDVQQHDAdjaGVuZ2R1MQ0wCwYDVQQKDAR6Y2hkMQwwCgYDVQQLDANEZXYxETAP BgNVBAMMCHpjaGQubHRkMSEwHwYJKoZIhvcNAQkBFhJ6Y2hkLmx0ZEBnbWFpbC5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCng+pbIhGhTHoNiCtG jL75cF8aWre255+zMzVCYAqsQKUAG57MdRA4rgwIvJ9bkXDtEEjA4+a+o8xwp1od BvsyPNPYmc5Bp5dCLKypnmGI18VzzJRu6wxrYNAMdv2DfrlHK+bD4KVr1PeoYbsh YKEL125eIM9+ + Xr79fY VWhZqbfgK5X1HWakx4CvOCzWwjGoobkKHJJgyJpxN9Y87 cAkP5q62f / b0VHTI1h83cbvQCKgL3J2P0ZtKhHMFPCmFkz27aL9hmfzw95iifbYb XST8gfcBnGWv / P5pk5wdDoiTuC / QqHuozqc3TKFjLP3oTUgXMPURYWgwLvAJYna9 f9vdAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAcXoWDs4B0hfvoARErsFv43 / Z B6xX9fCwiTOQQea2gb2AXGY6I5dj9QIU8 / q / tPoFWGxAw3phkJN7vC1qnOaqv5DX upwHp3zIDZCwioDwAedIpbV5sJomDapzVY0ww2MC44sf6YnZGZIUO4q5DGpMBNVf x8bhStKmkk90QrNFHD6V2REuw9Y / + hDdan2WJaj1i / bkIadXnNjBYjSr98K6XXjf EG25lftuDXL4ykKL8gu4kdM8X86TMXFB7fTuZBrvN6S3aw88RiECw8FCEBDRzuAx e2gqRdihsLe6oWFhzs / TlCK81CMXH9CrnZnAGbx + == nFBfXcKvCYYm1oTxXmJIjw -----END CERTIFICATE REQUEST----- ➜ ca openssl req -in for_request.csr -noout -text Certificate Request: Data: Version: 0 (0x0) Subject: C=CN, ST=sichuan, L=chengdu, O=zchd, OU=Dev, CN=zchd.ltd/emailAddress=[email protected] Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:a7:83:ea:5b:22:11:a1:4c:7a:0d:88:2b:46:8c: be:f9:70:5f:1a:5a:b7:b6:e7:9f:b3:33:35:42:60: 0a:ac:40:a5:00:1b:9e:cc:75:10:38:ae:0c:08:bc: 9f:5b:91:70:ed:10:48:c0:e3:e6:be:a3:cc:70:a7: 5a:1d:06: the fb: 32 :3c:d3:d8:99 : CE: 41 : A7: 97 : 42 : 2c: the ac: A9: 9e: 61 : 88 : D7: C5: 73 : the cc : 94 : 6e: EB: 0c: 6b: 60 : D0: 0c: 76 : FD: 83 : 7e: B9: 47 : 2b: E6: C3: E0: A5: 6b: D4: F7: Forum a8: 61 : Bb: 21 : 60 : a1 's : 0b: D7: 6e: 5e: 20 : Cf: 7e: 5e: Be: FD: 7d: 8f: 95 : 5a: 16 : 6a: 6d: f8 , : 0a: E5: 7d:47 :59 : a9: 31 : e0: 2b: ce: 0b : 35 : b0: 8c: 6a: 28 : 6e: 42 : 87 : 24 : 98 : 32 : 26 : 9c: 4d: f5: 8f : 3b: 70 : 09 : 0f: e6: ae: b6: 7f: f6: f4: 54 : 74 : c8: d6: 1f: 37 : 71 : bb: d0: 08 : a8: 0b: dc: 9d: 8f: d1: 9b: 4a: 84 : 73 : 05 : 3c: 29 : 85 : 93 : 3d: Bb: 68 : Bf: 61 : 99 : the fc: F0: F7: 98 : A2: 7d: B6: 1b: 5d: 24 : the fc: 81 : F7: 01 : 9c: 65 : AF: the fc: fe 's : 69 : 93 : 9c: 1d: 0e: 88 : 93 : 8b: 2f: D0: Forum a8: 7b: Forum a8: CE: A7: 37 : 4c: a1 's : 63 : 2c: FD: E8: 4d: 48 : 17 : 30 : F5: 11 : 61 : 68 :30:2e:f0:09:62:76:bd:7f: db:dd Exponent: 65537 (0x10001) Attributes: a0:00 Signature Algorithm: sha256WithRSAEncryption 71:7a:16:0e:ce:01:d2:17:ef:a0:04:44:ae:c1:6f:e3:7f:d9: 07:ac:57:f5:f0:b0:89:33:90:41:e6:b6:81: Bd: 80 : 5c: 66 : 3a: 23 : 97 : 63 : F5: 02 : 14 : F3: FA: Bf: B4: FA: 05 : 58 : 6c: 40 : C3: 7a: 61 : 90 : 93 : 7b: BC: 2d: 6a: 9c: E6: by aa: Bf: 90 : D7: by ba: 9c: 07 : A7: 7c: C8: 0d: 90 : B0: 8a: 80 : F0: 01 : E7: 48 : A5: B5: 79 : B0: 9a: 26 : 0d: by aa: 73 : 55: 8d: 30 : c3: 63 : 02 : e3: 8b: 1f: e9: 89 : d9: 19 : 92 : 14 : 3b: 8a: b9: 0c: 6a: 4c: 04 : d5: 5f: c7: c6 : e1: 4a: d2: a6 : 92 : 4f: 74 : 42 : b3: 45 : 1c: 3e: 95 : d9: 11 : 2e: c3: d6: 3f : fa: 10 : dd : 6a: 7d: 96 : 25 : a8: f5: 8b: f6: e4: 21 : a7: 57 : 9c: d8: c1: 62 : 34 : ab: f7: c2: ba : 5d: 78:df: 10:6d:b9:95:fb:6e:0d:72:f8:ca:42:8b:f2:0b:b8:91:d3:3c: 5f:ce:93:31:71:41:ed:f4:ee:64:1a:ef:37:a4:b7:6b:0f:3c: 46:21:02:c3:c1:42:10:10:d1:ce:e0:31:7b:68:2a:45:d8:a1: b0:b7:ba:a1:61:61:ce:cf:d3:94:22:bc:d4:23:17:1f:d0:ab: 9d:99:c0:19:bc:7e:9c:50:5f:5d:c2:af:09:86:26:d6:84:f1: 5e:62:48:8f
The build process need to enter locations, organizations, and other common name. Generating a private key and stored in PEM csr default file format, content base64 encoded.
Note that under the user-generated private key, the private key file once lost, CA party because they do not hold private information and can not be recovered, by means of the certificate in the public key encrypted content can not be decrypted.