Creating a certificate signing request (CSR) containing UTF-8 characters with openssl

Creating a CSR file from the command line

$> openssl req -new -newkey rsa:2048 -nodes -keyout example.key -out example.csr
Generating a 2048 bit RSA private key
.........................+++
........................+++
writing new private key to 'example.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BEIJING
Locality Name (eg, city) []:BEIJING
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Beijing Example Technologies Inc.
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:*.example.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Once the file has been generated, you can inspect it with the command below, or check it at http://certlogik.com/decoder/.

openssl req -in example.csr -noout -text

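If fields such as the company name or city need to be in Chinese, the command above will not work.
Following the hint in this post, first create an openssl.conf file: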

RANDFILE               = $ENV::HOME/.rnd

[ req ]
string_mask            = utf8only
utf8                   = yes
default_bits           = 2048
default_keyfile        = example.key
distinguished_name     = req_distinguished_name
prompt                 = no

[ req_distinguished_name ]
C                      = CN
ST                     = 北京
L                      = 北京
O                      = 北京XX科技有限公司
OU                     = IT
CN                     = *.example.com

Then generate the CSR with this command:

openssl req -config openssl.conf -new -newkey rsa:2048 -nodes -keyout example.key -out example.csr 
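
An added example (not from the original post) that runs the config-file procedure above end to end in a scratch directory and then checks the result: the CSR's self-signature verifies, the DN values are stored as UTF8STRING, and the subject prints as readable Chinese. The function names and the use of mktemp are assumptions of this example.

```shell
#!/bin/sh
# Added example; file names and DN values are constructed sample data.

make_utf8_csr() {   # $1 = directory that receives openssl.conf, example.key, example.csr
    dir=$1
    cat > "$dir/openssl.conf" <<'EOF'
[ req ]
string_mask        = utf8only
utf8               = yes
distinguished_name = req_distinguished_name
prompt             = no

[ req_distinguished_name ]
C  = CN
ST = 北京
L  = 北京
O  = 北京XX科技有限公司
OU = IT
CN = *.example.com
EOF
    (
        umask 077   # -nodes leaves the key unencrypted, so keep it owner-only
        openssl req -config "$dir/openssl.conf" -new -newkey rsa:2048 -nodes \
            -keyout "$dir/example.key" -out "$dir/example.csr" 2>/dev/null
    )
}

count_type() {      # $1 = CSR file, $2 = ASN.1 string type, e.g. UTF8STRING
    openssl asn1parse -in "$1" | grep -c "prim: $2"
}

csr_subject() {     # print the subject as readable UTF-8 instead of \xNN escapes
    openssl req -in "$1" -noout -subject -nameopt oneline,-esc_msb
}

work=$(mktemp -d)
if make_utf8_csr "$work"; then
    openssl req -in "$work/example.csr" -noout -verify   # self-signature check
    echo "UTF8STRING values: $(count_type "$work/example.csr" UTF8STRING)"
    csr_subject "$work/example.csr"
fi
```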

References:

https://support.globalsign.com/customer/portal/articles/1221285-generate-csr---nginx
http://www.digicert.com/csr-creation-nginx.htm
http://wiki.nginx.org/HttpSslModule
http://stackoverflow.com/questions/13221554/how-to-generate-csr-for-ssl-that-works-with-nginx-apache
https://groups.google.com/forum/#!topic/mailing.openssl.users/X3xMfvCn1_I
http://www.openssl.org/docs/apps/req.html


Last modified on 2013-12-30