alphassl_logo.png
关于 AlphaSSL
We are not any old reseller. AlphaSSL is powered by GlobalSign, the International Certificate Authority with its own highly trusted root CA certificates. Here at AlphaSSL.com we undergo an annual WebTrust audit and we operate under our own stringent set of policy statements and documents.
1.使用 openssl 工具生成私钥key
openssl genrsa -des3 -out clipchat.im.key 2048
此部分生成私钥时,不指定-des3参数 不需要输入密码短语(即passphrase)。为最大限度保证私钥安全,最好设置 passphrase 。
2.基于私钥key输出
openssl req -new -key clipchat.im.key -out clipchat.im.csr
以上两步可以用以下命令代替(注:没指定-des3)
openssl req -out clipchat.im.csr -new -newkey rsa:2048 -nodes -keyout clipchat.im.key
执行:
Generating a 2048 bit RSA private key
.................................................................................................................+++
...................................
............+++
writing new private key to 'clipchat.im.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Shanghai
Locality Name (eg, city) []:Shanghai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:YJ
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:*.clipchat.im
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
3.查看生成的CSR
openssl req -noout -text -in clipchat.im.csr
确认无误后,将CSR文件上传至CA机构用于签发证书
4.接收CA证书,校验证书
openssl x509 -noout -text -in clipchat.im.pem
至此 clipchat.key 和 clipchat.pem 将用于后续部署。
参考:https://www.alphassl.com/support/create-csr/apache.html
https://support.globalsign.com/customer/portal/articles/1229769
网友评论