Apache-2.2

CSR for the naked domain and www domain on an Nginx + Apache server

  • March 27, 2019

I am trying to secure the naked domain and the www domain with PositiveSSL (https://example.com and https://www.example.com)

  1. For this server, would the cmd be

openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr

or will it be something else?

  2. When the server asks for the Common Name, in order to secure both the naked domain and the www domain: what should we enter? example.com or *example.com

The server is Ubuntu 18.04 with Nginx + Apache. Thanks.

You are close: use the wildcard approach and increase your key size

openssl req -new -newkey rsa:4096 -nodes -out star_friends.com.csr -keyout star_friends.com.key -subj "/C=GH/ST=Greater-Accra/L=Accra/O=Friends LTD./CN=*.friends.com"

Create a file with the following contents (modified to suit your names) and save it as (for example) example.cnf in a directory of your choice:

[ req ]

prompt             = no
string_mask        = default

# The size of the keys in bits:
default_bits       = 2048
distinguished_name = req_dn
req_extensions     = req_ext

[ req_dn ]

# Note that the following are in 'reverse order' to what you'd expect to see in
# Windows and the numbering is irrelevant as long as each line's number differs.

# Domain Components style:
# Server name:
# 2.DC = com
# 1.DC = example
# commonName = Acme Web Server

# Locality style:
# countryName = GB
# stateOrProvinceName = London
# localityName = Letsby Avenue
# organizationName = Acme
# 1.organizationalUnitName = IT Dept
# 2.organizationalUnitName = Web Services
# commonName = Acme Web Server

# Or traditional org style:
countryName = GB
organizationName = Acme
1.organizationalUnitName = IT Dept
2.organizationalUnitName = Web Services
commonName = Acme Web Server
# Or:    
# commonName = www.example.com

[ req_ext ]

subjectAltName = @alt_names

[alt_names]
# To automatically copy the CN (in the case of a DNS name in the CN) use:
# DNS.1 = ${req_dn::commonName}
DNS.1 = www.example.com
DNS.2 = example.com

Run the following command to create your CSR:

openssl req -nodes -new -keyout example.key -out example.csr -config example.cnf

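Note that this leaves the private key in plain text on your system. Depending on the service you use this key with, you may want to consider protecting it by removing the -nodes verb from the command.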
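
A check worth running on the CSR from the config-file approach before submitting it to the CA, as an added example that is not part of the original answers: it lists the DNS subjectAltName entries in the request and fails if a required host name is missing. The function names and the throwaway sample config are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: inspect a CSR's names before sending it to the CA.
# csr_sans, csr_covers and make_sample_csr are hypothetical helper names.

# Print the DNS subjectAltName entries of a CSR, one per line.
csr_sans() {
    openssl req -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\(.*\)$/\1/p'
}

# Succeed only if every required host name is listed literally in the CSR
# (exact string match; wildcard entries are not expanded).
csr_covers() {
    csr=$1; shift
    sans=$(csr_sans "$csr")
    for host in "$@"; do
        printf '%s\n' "$sans" | grep -qxF -- "$host" || {
            echo "missing SAN: $host" >&2
            return 1
        }
    done
}

# Build a throwaway key and CSR from a minimal config (constructed sample)
# that uses the same req_ext / alt_names layout as example.cnf.
make_sample_csr() {
    dir=$1
    cat > "$dir/example.cnf" <<'EOF'
[ req ]
prompt             = no
default_bits       = 2048
distinguished_name = req_dn
req_extensions     = req_ext
[ req_dn ]
commonName = www.example.com
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = www.example.com
DNS.2 = example.com
EOF
    openssl req -nodes -new -keyout "$dir/example.key" \
        -out "$dir/example.csr" -config "$dir/example.cnf" 2>/dev/null
}

# Usage: sh check_csr.sh example.csr example.com www.example.com
if [ "$#" -gt 0 ]; then csr_covers "$@"; fi
```
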

Quoted from: https://serverfault.com/questions/960283