linux – 非交互式创建SSL证书请求

前端之家收集整理的这篇文章主要介绍了linux – 非交互式创建SSL证书请求前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
@H_404_0@
有没有办法通过在初始命令上指定所有必需参数来创建SSL证书请求?我正在写一个 CLI-based web server control panel,如果可能的话,我想在执行openssl时避免使用 expect.

这是创建证书请求的典型方法

$openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout foobar.com.key -out foobar.com.csr
Generating a 2048 bit RSA private key
.................................................+++
........................................+++
writing new private key to 'foobar.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,If you enter '.',the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New Sweden
Locality Name (eg,city) []:Stockholm
Organization Name (eg,company) [Internet Widgits Pty Ltd]:Scandanavian Ventures,Inc.
Organizational Unit Name (eg,section) []:
Common Name (e.g. server FQDN or YOUR name) []:foobar.com
Email Address []:gustav@foobar.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:FooBar

我希望看到这样的事情:( unworking example)

$openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout foobar.com.key -out foobar.com.csr \
-Country US \
-State "New Sweden" \
-Locality Stockholm \
-Organization "Scandanavian Ventures,Inc." \
-CommonName  foobar.com \
-EmailAddress gustav@foobar.com \
-Company FooBar

这个精美的男人页面没有什么可说的,我也无法通过谷歌找到任何东西. SSL证书请求生成必须是一个交互式过程,还是有一些方法可以在一个命令中指定所有参数?

这是在运行openssl 1.0.1的Debian派生的Linux发行版上.

解决方法

你缺少两部分:

主题行,可以称为

-subj "/C=US/ST=New Sweden/L=Stockholm /O=.../OU=.../CN=.../emailAddress=..."

>用值替换…,X =是X509代码(Organization / OrganisationUnit / etc ……)

密码值,可以称为

-passout pass:client11
-passin  pass:client11

>提供输出/输入密码

我对新密钥的调用看起来像

openssl genrsa -aes256 -out lib/client1.key -passout pass:client11 1024
openssl rsa -in lib/client1.key -passin pass:client11 -out lib/client1-nokey.key

openssl req -new -key lib/client1.key -subj req -new \
    -passin pass:client11 -out lib/client1.csr \
    -subj "/C=US/ST=New Sweden/L=Stockholm/O=.../OU=.../CN=.../emailAddress=..."

(现在我看到它,有两个 – 新……)

猜你在找的Linux相关文章