Apache-2.2
Ngnix + Apache 伺服器的 CSR 裸域和 www 域
我正在嘗試使用 positivessl保護裸域和 www 域(https://example.com和https://www.example.com )
- 對於此伺服器 cmd 將是
openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr
或者它會是別的東西?
- 當伺服器要求通用名稱時,為了保護裸域和 www 域:我們應該輸入什麼?example.com 或 *example.com
伺服器是 Ubuntu 18.04 和 Ngnix + Apache 謝謝
你很接近:使用萬用字元方法並增加你的密鑰大小
openssl req -new -newkey rsa:4096 -nodes -out star_friends.com.csr -keyout star_friends.com.key -subj "/C=GH/ST=Greater-Accra/L=Accra/O=Friends LTD./CN=*.friends.com"
使用以下內容創建一個文件(修改以適合您的名稱)並將其保存為(例如)
example.cnf
您選擇的目錄中:[ req ] prompt = no string_mask = default # The size of the keys in bits: default_bits = 2048 distinguished_name = req_dn req_extensions = req_ext [ req_dn ] # Note that the following are in 'reverse order' to what you'd expect to see in # Windows and the numbering is irrelevant as long as each line's number differs. # Domain Components style: # Server name: # 2.DC = com # 1.DC = example # commonName = Acme Web Server # Locality style: # countryName = GB # stateOrProvinceName = London # localityName = Letsby Avenue # organizationName = Acme # 1.organizationalUnitName = IT Dept # 2.organizationalUnitName = Web Services # commonName = Acme Web Server # Or traditional org style: countryName = GB organizationName = Acme 1.organizationalUnitName = IT Dept 2.organizationalUnitName = Web Services commonName = Acme Web Server # Or: # commonName = www.example.com [ req_ext ] subjectAltName = @alt_names [alt_names] # To automatically copy the CN (in the case of a DNS name in the CN) use: # DNS.1 = ${req_dn::commonName} DNS.1 = www.example.com DNS.2 = example.com
執行以下命令來創建您的 CSR:
openssl req -nodes -new -keyout example.key -out example.csr -config example.cnf
請注意,這會將私鑰以純文字形式保留在您的系統上。根據您使用此密鑰的服務,您可能需要考慮通過
-nodes
從命令中刪除動詞來保護它。