有没有办法通过在初始命令上指定所有必需的参数来创建 SSL 证书请求?我正在编写一个基于 CLI 的 Web 服务器控制面板,如果可能,我想在执行时避免使用期望openssl。
这是创建证书请求的典型方式:
$ openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout foobar.com.key -out foobar.com.csr
Generating a 2048 bit RSA private key
.................................................+++
........................................+++
writing new private key to 'foobar.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New Sweden
Locality Name (eg, city) []:Stockholm
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Scandanavian Ventures, Inc.
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:foobar.com
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:FooBar
我希望看到这样的东西:( 不起作用的例子)
$ openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout foobar.com.key -out foobar.com.csr \
-Country US \
-State "New Sweden" \
-Locality Stockholm \
-Organization "Scandanavian Ventures, Inc." \
-CommonName foobar.com \
-EmailAddress [email protected] \
-Company FooBar
精美的手册页对此事无话可说,我也无法通过 Google 找到任何内容。SSL 证书请求生成必须是一个交互式过程,还是有某种方法可以在单个命令中指定所有参数?
这是在 Debian 派生的 Linux 发行版上运行openssl 1.0.1.
您缺少两部分:
主题行,可以称为
X=X509 代码(组织/组织单位/等...)密码值,可以称为
我对新钥匙的呼唤看起来像
(现在我看到了,有两个
-new……)我附加到我的常规 openssl 命令:
这一行:
描述:
像分隔符一样使用“/”。
检查官方文档
-batch中描述的选项。