SSL Basics: 22: Generating a CSR Non-Interactively (Configuration File Method)
Published: 2021-06-30 20:15:37 Category: Technical articles


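An earlier article in this series showed how to generate a CSR (certificate signing request) file non-interactively. In essence, that method passes the DN information through the -subj option. The more general approach in openssl, however, is a configuration file: set the prompt option to no and supply each value the DN needs, and the CSR file can be generated non-interactively with little effort. This approach is also the more common one with the openssl command, and it is easier to tie in with other settings.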

Preparation: create the private key

[root@liumiaocn csr]# openssl genrsa -out ca.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
.........................................................................+++++
......+++++
e is 65537 (0x010001)
[root@liumiaocn csr]# ls
ca.key
[root@liumiaocn csr]#

Preparation: the CSR configuration file

[root@liumiaocn csr]# cat csr_config.cnf
[ req ]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn
[ dn ]
C = CN
ST = LiaoNing
L = DaLian
O = devops
OU = unicorn
CN = devops.com
[root@liumiaocn csr]#

Generating the CSR file

[root@liumiaocn csr]# openssl req -new -key ca.key -config csr_config.cnf -out request.csr
[root@liumiaocn csr]# ls
ca.key  csr_config.cnf  request.csr
[root@liumiaocn csr]#

Checking the result

[root@liumiaocn csr]# cat request.csr
-----BEGIN CERTIFICATE REQUEST-----
...
-----END CERTIFICATE REQUEST-----
[root@liumiaocn csr]#
[root@liumiaocn csr]# openssl req -verify -in request.csr -noout -text
verify OK
Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: C = CN, ST = LiaoNing, L = DaLian, O = devops, OU = unicorn, CN = devops.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c8:aa:44:e3:cb:a4:7b:a7:73:96:79:25:d7:
                    76:a9:ec:34:1e:a6:36:fa:f7:1c:3e:de:e8:55:e5:
                    bb:91:1b:fd:18:50:a2:bf:f2:ed:0f:ba:2d:e9:c1:
                    e1:c1:08:20:80:43:a1:19:b8:ae:15:38:4c:2e:3d:
                    f9:bc:ea:0d:af:39:61:0f:c4:69:60:81:f7:2a:01:
                    eb:f7:63:8a:2f:6f:37:a1:d9:08:86:2c:89:90:83:
                    19:9c:35:c1:3e:dc:18:7a:59:59:91:95:63:ea:02:
                    27:1d:9d:8a:d6:a3:54:68:23:b1:95:8f:e8:a7:23:
                    88:c1:3c:98:92:00:3f:3d:51:db:88:51:a4:ee:fb:
                    22:92:76:8f:50:c6:fa:3d:4e:eb:c2:51:89:9c:17:
                    59:55:b7:d3:fd:11:c8:a3:88:4c:45:19:28:49:28:
                    63:14:10:22:db:7a:7e:11:fc:00:67:3a:b9:f2:c7:
                    59:88:dd:c3:48:2a:bb:43:c8:67:81:4a:36:54:ea:
                    6b:20:e1:4c:46:bc:32:79:cd:01:2a:2d:da:3c:08:
                    c6:b9:ba:60:7a:78:0f:28:ff:05:11:5f:46:0b:c8:
                    d5:79:02:4c:a8:89:28:e1:49:74:18:ba:87:0a:73:
                    e6:bf:54:95:11:51:ab:32:f6:f4:4f:41:01:54:9a:
                    4a:6d
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption
         25:4a:4d:b8:74:14:38:0e:46:d8:47:4b:1c:53:cc:76:45:10:
         89:81:f8:44:29:ec:d5:1e:60:31:6b:bb:95:f5:a0:d9:a5:03:
         e4:7d:6c:d2:07:84:bd:3d:02:e4:51:56:b2:7e:07:46:f7:e1:
         fb:94:fd:83:8a:6d:c3:5d:80:5e:af:ab:56:f9:08:a1:96:2c:
         ea:51:69:34:ab:0f:a2:38:60:a7:71:81:de:1f:d5:fc:a9:9d:
         75:f2:ce:9a:a3:6a:af:e9:55:eb:84:38:3b:fa:df:5d:16:9b:
         e0:73:ef:ea:ca:55:1e:dc:d1:24:de:98:16:d5:90:b7:7e:d7:
         85:2e:16:9f:66:e5:e6:a2:eb:0c:64:8b:68:ff:c1:4c:12:cc:
         23:d5:24:49:0f:f6:54:73:33:b5:37:d3:0a:10:c2:52:84:03:
         b6:25:01:83:85:36:86:8b:56:ca:9c:8f:1d:bb:d3:55:a1:de:
         09:cf:2f:ef:d9:66:1b:a3:2f:6a:b4:a8:8d:4b:ba:4b:1c:3c:
         4c:07:ff:87:42:0e:32:a3:28:5d:8c:1c:41:63:dc:b2:3f:6f:
         67:2e:e3:c0:54:3d:f9:5c:0e:75:60:8d:75:80:67:c1:bd:f3:
         5d:64:24:8e:0a:6f:ed:d1:c7:6a:32:6b:5f:e0:53:b6:d8:43:
         02:32:41:5a
[root@liumiaocn csr]#

Summary

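Setting the prompt option in the req section to no, supplying the DN information through the dn section that the distinguished_name field points to, and passing the whole file to the openssl command with the -config option is all it takes to generate a CSR file non-interactively.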
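
The steps above as one script, added here as an example (not code from the original article): it writes the same configuration, runs openssl req with stdin closed so that nothing can be prompted, then checks the self-signature, the subject, and that the public key in the CSR belongs to ca.key. The function names make_csr and check_csr and the temporary working directory are assumptions; the DN values are the article's.

```shell
#!/usr/bin/env bash
# Added example: non-interactive CSR generation driven by a config file.
# make_csr / check_csr and the temp directory are illustrative assumptions.

# make_csr DIR CN: create ca.key, csr_config.cnf and request.csr inside DIR.
make_csr() {
    local dir="$1" cn="$2"
    # Keep the private key readable by its owner only.
    ( umask 077 && openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null ) || return 1
    cat > "$dir/csr_config.cnf" <<EOF
[ req ]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn
[ dn ]
C = CN
ST = LiaoNing
L = DaLian
O = devops
OU = unicorn
CN = $cn
EOF
    # stdin is /dev/null, so the command cannot block waiting for DN input.
    openssl req -new -key "$dir/ca.key" -config "$dir/csr_config.cnf" \
        -out "$dir/request.csr" </dev/null
}

# check_csr DIR CN: succeed only if the CSR is consistent with key and config.
check_csr() {
    local dir="$1" cn="$2" csr_pub key_pub
    # 1. The self-signature verifies (openssl prints "verify OK").
    openssl req -verify -noout -in "$dir/request.csr" 2>&1 \
        | grep -q 'verify OK' || return 1
    # 2. The subject carries the CN taken from the [ dn ] section.
    openssl req -noout -subject -nameopt RFC2253 -in "$dir/request.csr" \
        | grep -q "CN=$cn," || return 1
    # 3. The public key in the CSR is the one derived from ca.key.
    csr_pub=$(openssl req -noout -pubkey -in "$dir/request.csr") || return 1
    key_pub=$(openssl pkey -in "$dir/ca.key" -pubout) || return 1
    [ "$csr_pub" = "$key_pub" ]
}

# Demo run in a throwaway directory.
workdir=$(mktemp -d)
make_csr "$workdir" devops.com && check_csr "$workdir" devops.com \
    && echo "CSR verified: $workdir/request.csr"
```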

Reposted from: https://liumiaocn.blog.csdn.net/article/details/103547891
