Openssl req命令
2015-07-23 22:18
435 查看
一、简介
req指令用来创建和处理PKCS#10格式的证书
二、语法
选项
三、实例
1、根据私钥生成证书请求
方式1
方式2
交互式
非交互式
2、用私钥验证请求签名
3、生成一个自签名的根证书
4、生成带中文支持的请求(UTF-8)
5、生成带扩展项的请求
req指令用来创建和处理PKCS#10格式的证书
二、语法
openssl req [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-out filename] [-text] [-pubkey] [-noout] [-verify] [-modulus] [-nodes] [-subject] [-passin arg] [-passout arg] [-key filename] [-keyform PEM|DER] [-keyout filename] [-rand file(s)] [-newkey rsa:bits] [-newkey dsa:file] [-newkey ec:file] [-digest] [-config filename] [-subj arg] [-multivalue-rdn] [-new] [-batch] [-x509] [-days n] [-set_serial n] [-newhdr][-asn1-kludge][ -no-asn1-kludge][-extensions section] [-reqexts section] [-utf8] [-nameopt option] [-reqopt option][-verbose] [engine id]
选项
-inform arg input format - DER or PEM -outform arg output format - DER or PEM -in arg input file -out arg output file -text text form of request -pubkey output public key -noout do not output REQ -verify verify signature on REQ -modulus RSA modulus -nodes don't encrypt the output key -engine e use engine e, possibly a hardware device -subject output the request's subject -passin private key password source -key file use the private key contained in file -keyform arg key file format -keyout arg file to send the key to -rand file:file:... load the file (or the files in the directory) into the random number generator -newkey rsa:bits generate a new RSA key of 'bits' in size -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file' -newkey ec:file generate a new EC key, parameters taken from CA in 'file' -[digest] Digest to sign with (see openssl dgst -h for list) -config file request template file. -subj arg set or modify request subject -multivalue-rdn enable support for multivalued RDNs -new new request. -batch do not ask anything during request generation -x509 output a x509 structure instead of a cert. req. -days number of days a certificate generated by -x509 is valid for. -set_serial serial number to use for a certificate generated by -x509. -newhdr output "NEW" in the header lines -asn1-kludge Output the 'request' in a format that is wrong but some CA's have been reported as requiring -extensions .. specify certificate extension section (override value in config file) -reqexts .. specify request extension section (override value in config file) -utf8 input characters are UTF8 (default ASCII) -nameopt arg - various certificate name options -reqopt arg - various request text options
三、实例
1、根据私钥生成证书请求
方式1
openssl genrsa -des -passout pass:"123456" -out prikey.pem 1024 openssl req -key prikey.pem -passin pass:"123456" -new -out cerreq.pem
方式2
交互式
openssl req -newkey rsa:1024 -keyout prikey.pem -passout pass:"123456" -new -out cerreq.pem
非交互式
openssl req -newkey rsa:1024 -keyout prikey.pem -passout pass:"123456" -config openssl.cnf -new -out cerreq.pem
2、用私钥验证请求签名
openssl req -verify -key client_prikey.pem -in client_req.csr -passin pass:"123456" -noout
3、生成一个自签名的根证书
openssl req -x509 -newkey rsa:1024 -keyout prikey.pem -passout pass:"123456" -config openssl.cnf -new -out certself.pem
4、生成带中文支持的请求(UTF-8)
openssl req -newkey rsa:1024 -keyout ca_prikey.key -passout pass:"123456" -new -x509 -utf8 -config openssl_utf8.cnf -out ca_self.pem 参考:http://blog.chinaunix.net/uid-7591044-id-1742939.html
5、生成带扩展项的请求
http://bbs.csdn.net/topics/380025010
参考:http://blog.csdn.net/as3luyuan123/article/details/16811787
相关文章推荐
- Linux kernel 分析之二十一:定时器-巧妙的定时器算法
- apache无法解析php解决方法
- linux awk命令详解
- Linux kernel 分析之二十:内存管理-内核中的页表映射总结
- mate-desktop安装在其他目录时一些配置信息
- Linux kernel 分析之十九:阅读源代码技巧-变量命名规则
- Linux下Nagios的安装与配置
- Linux kernel 分析之十八:设计模式-文件系统与抽象工厂
- Toxophily-数论以及二分三分
- apache commons vfs 文件夹监控
- Dockerfile 中CMD 和 ENTRYPOINT指令
- linux 配置authorized_keys连接时仍需要密码的解决办法
- linux命令 ps 列出进程
- hadoop权威指南气象数据下载
- centos(x86 64位系统)使用boost
- CentOS6.4防火墙iptables
- [翻译] popping
- ARM裸机程序研究 - 编译和链接
- Openssl asn1parse命令
- Linux环境下列出指定目录下的所有文件