linux – 非交互式创建SSL证书请求

概述有没有办法通过在初始命令上指定所有必需参数来创建SSL证书请求？我正在写一个 CLI-based web server control panel,如果可能的话,我想在执行openssl时避免使用 expect. 这是创建证书请求的典型方法： $openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout foobar.com.key -out 有没有办法通过在初始命令上指定所有必需参数来创建SSL证书请求？我正在写一个 CLI-based web server control panel,如果可能的话,我想在执行openssl时避免使用 expect.

这是创建证书请求的典型方法：

$openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout foobar.com.key -out foobar.com.csrGenerating a 2048 bit RSA private key.................................................+++........................................+++writing new private key to 'foobar.com.key'-----You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a distinguished name or a DN.There are quite a few fIElds but you can leave some blankFor some fIElds there will be a default value,If you enter '.',the fIEld will be left blank.-----Country name (2 letter code) [AU]:USState or Province name (full name) [Some-State]:New SwedenLocality name (eg,city) []:StockholmOrganization name (eg,company) [Internet WIDgits Pty Ltd]:Scandanavian Ventures,Inc.Organizational Unit name (eg,section) []:Common name (e.g. server FQDN or YOUR name) []:foobar.comEmail Address []:gustav@foobar.comPlease enter the following 'extra' attributesto be sent with your certificate requestA challenge password []:An optional company name []:Foobar

我希望看到这样的事情:( unworking example)

$openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout foobar.com.key -out foobar.com.csr \-Country US \-State "New Sweden" \-Locality Stockholm \-Organization "Scandanavian Ventures,Inc." \-Commonname  foobar.com \-EmailAddress gustav@foobar.com \-Company Foobar

这个精美的男人页面没有什么可说的,我也无法通过谷歌找到任何东西. SSL证书请求生成必须是一个交互式过程,还是有一些方法可以在一个命令中指定所有参数？

这是在运行openssl 1.0.1的Debian派生的linux发行版上.

解决方法 你缺少两部分：

主题行,可以称为

-subj "/C=US/ST=New Sweden/L=Stockholm /O=.../OU=.../CN=.../emailAddress=..."

>用值替换…,X =是X509代码(Organization / OrganisationUnit / etc ……)

密码值,可以称为

-passout pass:clIEnt11-passin  pass:clIEnt11

>提供输出/输入密码

我对新密钥的调用看起来像

openssl genrsa -aes256 -out lib/clIEnt1.key -passout pass:clIEnt11 1024openssl rsa -in lib/clIEnt1.key -passin pass:clIEnt11 -out lib/clIEnt1-nokey.keyopenssl req -new -key lib/clIEnt1.key -subj req -new \    -passin pass:clIEnt11 -out lib/clIEnt1.csr \    -subj "/C=US/ST=New Sweden/L=Stockholm/O=.../OU=.../CN=.../emailAddress=..."

(现在我看到它,有两个 – 新……)

总结

以上是内存溢出为你收集整理的linux – 非交互式创建SSL证书请求全部内容，希望文章能够帮你解决linux – 非交互式创建SSL证书请求所遇到的程序开发问题。

如果觉得内存溢出网站内容还不错，欢迎将内存溢出网站推荐给程序员好友。