Linux
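Non-interactive creation of SSL certificate request
Is there a way to create an SSL certificate request by specifying all the required parameters on the initial command? I am writing a CLI-based web server control panel and, if possible, I would like to avoid using expect when executing openssl. This is a typical way of creating a certificate request: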
$ openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout foobar.com.key -out foobar.com.csr
Generating a 2048 bit RSA private key
.................................................+++
........................................+++
writing new private key to 'foobar.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New Sweden
Locality Name (eg, city) []:Stockholm
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Scandanavian Ventures, Inc.
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:foobar.com
Email Address []:gustav@foobar.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:FooBar
I am hoping to see something like this (non-working example):
$ openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout foobar.com.key -out foobar.com.csr \
    -Country US \
    -State "New Sweden" \
    -Locality Stockholm \
    -Organization "Scandanavian Ventures, Inc." \
    -CommonName foobar.com \
    -EmailAddress gustav@foobar.com \
    -Company FooBar
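The fine man page has nothing to say on the matter, nor could I find anything through Google. Must SSL certificate request generation be an interactive process, or is there some way to specify all the parameters in a single command?
This is on a Debian-derived Linux distribution running openssl 1.0.1.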
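You are missing two parts:
The subject line, which can be called as
-subj "/C=US/ST=New Sweden/L=Stockholm/O=.../OU=.../CN=.../emailAddress=..."
- replace ... with the values; X= is the X509 code (Organization/Organizational Unit/etc.)
The password value, which can be called as
-passout pass:client11 -passin pass:client11
- gives an output/input password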
My calls for a new key look like
openssl genrsa -aes256 -out lib/client1.key -passout pass:client11 1024
openssl rsa -in lib/client1.key -passin pass:client11 -out lib/client1-nokey.key
openssl req -new -key lib/client1.key -subj req -new \
    -passin pass:client11 -out lib/client1.csr \
    -subj "/C=US/ST=New Sweden/L=Stockholm/O=.../OU=.../CN=.../emailAddress=..."
(Now that I look at it, there are two -new ...)
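The following is an added example, not code from the question or the answer: it builds the -subj string from user-supplied values, escaping the characters openssl treats as separators, then creates and verifies the CSR without any prompts. The function names and the script name are hypothetical, and the `+` escaping assumes a current OpenSSL release, where `+` separates multi-valued RDNs.

```shell
#!/bin/sh
# Added example: names below are hypothetical, not from the original post.

# Escape what openssl treats as special inside -subj: "\" (escape), "/" (RDN
# separator) and "+" (multi-valued RDN separator in current OpenSSL releases).
subj_escape() {
    printf '%s' "$1" | sed 's|[\\/+]|\\&|g'
}

# build_subj TYPE=VALUE...: prints "/TYPE=VALUE/..." and skips empty values.
# Rejects arguments without "=" and attribute names that are not plain letters.
build_subj() {
    subj=''
    for pair in "$@"; do
        case $pair in *=*) ;; *) return 1 ;; esac
        attr=${pair%%=*}
        value=${pair#*=}
        case $attr in ''|*[!A-Za-z]*) return 1 ;; esac
        [ -n "$value" ] || continue
        subj="$subj/$attr=$(subj_escape "$value")"
    done
    printf '%s' "$subj"
}

# make_csr DOMAIN SUBJ: writes DOMAIN.key and DOMAIN.csr with no prompts,
# then checks the request's self-signature and prints its subject.
make_csr() {
    case $1 in ''|*/*|-*) return 1 ;; esac   # DOMAIN becomes a file name
    ( umask 077                               # keep the unencrypted key private
      openssl req -new -newkey rsa:2048 -nodes -sha256 \
          -keyout "$1.key" -out "$1.csr" -subj "$2" ) &&
    openssl req -in "$1.csr" -noout -verify -subject
}

# Usage: sh make-csr.sh foobar.com   (sample values taken from the question)
if [ "$#" -eq 1 ]; then
    make_csr "$1" "$(build_subj C=US "ST=New Sweden" L=Stockholm \
        "O=Scandanavian Ventures, Inc." OU= "CN=$1" "emailAddress=gustav@$1")"
fi
```

If the key has to be encrypted, openssl also accepts `env:VAR` and `file:path` as password sources for -passin and -passout, which keeps the passphrase out of the process list, unlike `pass:`.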