$> openssl req -new -newkey rsa:2048 -nodes -keyout example.key -out example.csr
Generating a 2048 bit RSA private key
.........................+++
........................+++
writing new private key to 'example.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BEIJING
Locality Name (eg, city) []:BEIJING
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Beijing Example Technologies Inc.
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:*.example.com
Email Address []:
Please enter the following ’extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
文件生成好之后,可以用下面的命令检查生成的文件,也可以到http://certlogik.com/decoder/进行检查。
openssl req -in example.csr -noout -text
如果公司名称,城市等信息需要中文的话,上面的命令就不行了。
根据这篇帖子的提示,首先创建一个openssl.conf文件:
RANDFILE = $ENV::HOME/.rnd
[ req ]
string_mask = utf8only
utf8 = yes
default_bits = 2048
default_keyfile = example.key
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
C = CN
ST = 北京
L = 北京
O = 北京XX科技有限公司
OU = IT
CN = *.example.com
然后使用命令生成CSR:
openssl req -config openssl.conf -new -newkey rsa:2048 -nodes -keyout example.key -out example.csr
参考链接:
https://support.globalsign.com/customer/portal/articles/1221285-generate-csr---nginx
http://www.digicert.com/csr-creation-nginx.htm
http://wiki.nginx.org/HttpSslModule
http://stackoverflow.com/questions/13221554/how-to-generate-csr-for-ssl-that-works-with-nginx-apache
https://groups.google.com/forum/#!topic/mailing.openssl.users/X3xMfvCn1_I
http://www.openssl.org/docs/apps/req.html
Last modified on 2013-12-30