The process of generating the certificate with openssl

1. With openssl installed, run the following command to generate a private key and the corresponding certificate request file:

➜  ca openssl req -new -keyout private.key -out for_request.csr
Generating a 2048 bit RSA private key
.............+++
....................................................................................................+++
writing new private key to 'private.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
Verify failure
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:CN
State or Province Name (full name) []:sichuan
Locality Name (eg, city) []:chengdu
Organization Name (eg, company) []:zchd
Organizational Unit Name (eg, section) []:Dev
Common Name (eg, fully qualified host name) []:zchd.ltd
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
➜  ca ls
for_request.csr private.key
➜  ca cat for_request.csr
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
➜  ca openssl req -in for_request.csr -noout -text
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=CN, ST=sichuan, L=chengdu, O=zchd, OU=Dev, CN=zchd.ltd/emailAddress=[email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption

During generation you are prompted for the location, organization, common name and other fields. The generated private key and CSR file are stored in PEM format by default, with base64-encoded content.

Note that the private key is generated by the user. Once the private key file is lost it cannot be recovered, because the CA does not hold the private key, and content encrypted with the public key in the certificate can no longer be decrypted.
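As an added example (not part of the original post), the same key and request can be generated without prompts and checked before the CSR is sent to a CA: the request's self-signature verifies, and the public key in the request belongs to the private key you hold. The function names and the KEY_PASS environment variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: non-interactive CSR generation plus the checks worth running
# before the request goes to a CA. File names and DN follow the session above.
# KEY_PASS (assumed name) must be exported with the key passphrase; passing it
# via env: keeps it out of the process argument list.

# make_csr KEY CSR SUBJECT: create an encrypted 2048-bit RSA key and its CSR.
make_csr() {
    (
        umask 077    # key file readable by the owner only
        openssl req -new -newkey rsa:2048 -keyout "$1" -out "$2" \
            -subj "$3" -passout env:KEY_PASS 2>/dev/null
    )
}

# csr_signature_ok CSR: the CSR is self-signed with the requester's private key.
# Match on the message rather than relying on the exit status alone.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# key_matches_csr KEY CSR: the public key in the CSR is derived from KEY.
key_matches_csr() {
    from_key=$(openssl pkey -in "$1" -pubout -passin env:KEY_PASS 2>/dev/null) || return 1
    from_csr=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_csr" ]
}

# csr_subject CSR: print the subject for a final visual check of the DN.
csr_subject() {
    openssl req -in "$1" -noout -subject
}

# Usage (after `export KEY_PASS=...`):
#   make_csr private.key for_request.csr "/C=CN/ST=sichuan/L=chengdu/O=zchd/OU=Dev/CN=zchd.ltd"
#   csr_signature_ok for_request.csr && key_matches_csr private.key for_request.csr
```

Running key_matches_csr again when the signed certificate comes back, and keeping an offline backup of private.key, guards against the unrecoverable-key situation described above.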

 

Origin www.cnblogs.com/jackluo/p/10983883.html