有没有办法通过在初始命令上指定所有必需参数来创建SSL证书请求?我正在写一个
CLI-based web server control panel,如果可能的话,我想在执行openssl时避免使用
expect.
这是创建证书请求的典型方法:
$openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout foobar.com.key -out foobar.com.csr Generating a 2048 bit RSA private key .................................................+++ ........................................+++ writing new private key to 'foobar.com.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value,If you enter '.',the field will be left blank. ----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:New Sweden Locality Name (eg,city) []:Stockholm Organization Name (eg,company) [Internet Widgits Pty Ltd]:Scandanavian Ventures,Inc. Organizational Unit Name (eg,section) []: Common Name (e.g. server FQDN or YOUR name) []:foobar.com Email Address []:gustav@foobar.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:FooBar
我希望看到这样的事情:( unworking example)
$openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout foobar.com.key -out foobar.com.csr \ -Country US \ -State "New Sweden" \ -Locality Stockholm \ -Organization "Scandanavian Ventures,Inc." \ -CommonName foobar.com \ -EmailAddress gustav@foobar.com \ -Company FooBar
这个精美的男人页面没有什么可说的,我也无法通过谷歌找到任何东西. SSL证书请求生成必须是一个交互式过程,还是有一些方法可以在一个命令中指定所有参数?
这是在运行openssl 1.0.1的Debian派生的Linux发行版上.
解决方法
你缺少两部分:
主题行,可以称为
-subj "/C=US/ST=New Sweden/L=Stockholm /O=.../OU=.../CN=.../emailAddress=..."
>用值替换…,X =是X509代码(Organization / OrganisationUnit / etc ……)
密码值,可以称为
-passout pass:client11 -passin pass:client11
>提供输出/输入密码
我对新密钥的调用看起来像
openssl genrsa -aes256 -out lib/client1.key -passout pass:client11 1024
openssl rsa -in lib/client1.key -passin pass:client11 -out lib/client1-nokey.key
openssl req -new -key lib/client1.key -subj req -new \
-passin pass:client11 -out lib/client1.csr \
-subj "/C=US/ST=New Sweden/L=Stockholm/O=.../OU=.../CN=.../emailAddress=..."
(现在我看到它,有两个 – 新……)
