Use mac openssl to generate a certificate

The first step: Openssl generate a private key (RSA)

  //1、生成私钥
  $ openssl genrsa -aes128 -out fd.key 2048
  Generating RSA private key, 2048 bit long modulus
  ....+++
  ......................................................................................
  +++
  e is 65537 (0x10001)
  Enter pass phrase for fd.key: ****************
  Verifying - Enter pass phrase for fd.key: ****************


//2、查看fd.key:
  A:$ openssl rsa -text -in fd.key (只能查看私钥文件)  
  B:$ cat fd.key
  -----BEGIN RSA PRIVATE KEY-----
  Proc-Type: 4,ENCRYPTED
  DEK-Info: AES-128-CBC,01EC21976A463CE36E9DB59FF6AF689A                        
  vERmFJzsLeAEDqWdXX4rNwogJp+y95uTnw+bOjWRw1+O1qgGqxQXPtH3LWDUz1Ym
  mkpxmIwlSidVSUuUrrUzIL+V21EJ1W9iQ71SJoPOyzX7dYX5GCAwQm9Tsb40FhV/
  [21 lines removed...]
  4phGTprEnEwrffRnYrt7khQwrJhNsw6TTtthMhx/UCJdpQdaLW/TuylaJMWL1JRW
  i321s5me5ej6Pr4fGccNOe7lZK+563d7v5znAx+Wo1C+F7YgF+g8LOQ8emC+6AVV

Step Two: Generate a public key

//根据私钥生成公钥
$ openssl rsa -in fd.key -pubout -out fd-public.key
  Enter pass phrase for fd.key: ****************

Step 3: Create a certificate signing request CSR file

//创建证书 CSR 请求
$ openssl req -new -key fd.key -out fd.csr

//查看 CSR 文件
$ openssl req -text -in fd.csr -noout

//根据证书生成 CSR 文件
$ openssl x509 -x509toreq -in fd.crt -out fd.csr -signkey fd.key

Step Four: Generating a Certificate

//根据csr和公钥生成证书
$ openssl x509 -req -days 365 -in fd.csr -signkey fd.key -out fd.crt
//根据公钥生成证书
$ openssl req -new -x509 -days 365 -key fd.key -out fd.crt

//避免主题信息的输入

$ openssl req -new -x509 -days 365 -key fd.key -out fd.crt \
   -subj "/C=GB/L=London/O=Feisty Duck Ltd/CN=www.feistyduck.com”

other:

//1、证书格式转换
//pem->der
$ openssl x509 -inform PEM -in fd.pem -outform DER -out fd.der
//der->pem  
$ openssl x509 -inform DER -in fd.der -outform PEM -out fd.pem     
Published 172 original articles · won praise 35 · views 390 000 +

Guess you like

Origin blog.csdn.net/u012198553/article/details/78734272