How to manually generate ssl certificate for own site in Linux
- Generate ssl certificate
- Use the ssl certificate in Nginx
- Summary
??最近在玩kubernetes,时常要用到https协议,而https协议又离不开ssl证书,自己弄好了以后,想到可能还会有很多人也会用到,所以这里就写一篇文章介绍一下这一块的东西。
Generate ssl certificate
- 步骤1 生成伪随机数字节文件
??Openssl rand命令用来产生伪随机字节,随机数字产生器需要一个seed,在没有/dev/srandom系统下的解决方法是自己做一个~/.rnd文件。
lwk@qwfys:~$ openssl rand -writerand ~/.rnd
- 步骤2 创建目录
??创建目录~/.tmp/3123459_k8s.qwfys.com_nginx
lwk@qwfys:~$ mkdir -p ~/.tmp/3123459_k8s.qwfys.com_nginx
lwk@qwfys:~$ ll .tmp/
total 12
drwxr-xr-x 3 lwk lwk 4096 Jun 2 09:33 ./
drwxr-xr-x 53 lwk lwk 4096 Jun 2 09:32 ../
drwxr-xr-x 2 lwk lwk 4096 Jun 2 09:33 3123459_k8s.qwfys.com_nginx/
lwk@qwfys:~$
- 步骤3 生成非对称公密钥对
??用OpenSSL的genrsa命令生成一个2048 bit的公钥私钥对,输出到文件~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.key里。
lwk@qwfys:~$ openssl genrsa -out ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
................+++++
........................................+++++
e is 65537 (0x010001)
lwk@qwfys:~$
- 步骤4 生成身份申请CSR
??用OpenSSL的req命令以上文中的3123459_k8s.qwfys.com_nginx.key为输 入,生成一个身份证申请(certificate signing request,CSR)文件 3123459_k8s.qwfys.com_nginx.csr
lwk@qwfys:~$ openssl req -new -key ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.key -out ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Hongkong
Locality Name (eg, city) []:Hongkong
Organization Name (eg, company) [Internet Widgits Pty Ltd]:www.qwfys.com
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:k8s.qwfys.com
Email Address []:qwfys200@qq.comPlease enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
lwk@qwfys:~$
- 步骤5 生成CA签署的身份证
??以下OpenSSL的x509命令用指定的私钥文件3123459_k8s.qwfys.com_nginx.key签署身份申请(certificate signing request,CSR)文件3123459_k8s.qwfys.com_nginx.csr,输出CA签署的身份证(CA signed certificate,CRT)文件3123459_k8s.qwfys.com_nginx.crt
lwk@qwfys:~$ openssl x509 -req -sha256 -days 365 -in ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.csr -signkey ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.key -out ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.crt
Signature ok
subject=C = CN, ST = Hongkong, L = Hongkong, O = www.qwfys.com, OU = IT, CN = k8s.qwfys.com, emailAddress = qwfys200@qq.com
Getting Private key
lwk@qwfys:~$
??接下来,我们查看一下生成的文件及其内容。
lwk@qwfys:~$ ll ~/.tmp/3123459_k8s.qwfys.com_nginx/
total 20
drwxr-xr-x 2 lwk lwk 4096 Jun 2 13:59 ./
drwxr-xr-x 4 lwk lwk 4096 Jun 2 09:53 ../
-rw-r--r-- 1 lwk lwk 1330 Jun 2 13:59 3123459_k8s.qwfys.com_nginx.crt
-rw-r--r-- 1 lwk lwk 1062 Jun 2 13:59 3123459_k8s.qwfys.com_nginx.csr
-rw------- 1 lwk lwk 1675 Jun 2 13:57 3123459_k8s.qwfys.com_nginx.key
lwk@qwfys:~$ cat ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.key
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEApKRbB3jKgN1irAJLzZ1o6EdXY6AMx64gDMm5LF4QetDxCFmj
MFi9Pii03Lefsxy7gKVSOUCuyMLkCqOLQwmtBDPN6EY0L+5LLOTO8dPkvuUfxtq+
ge1X0yOSirumFQ/FXA7yFD4FGoLYmUFqLoNYxyySYnbMNNSSlcXEbaxfXWQfrOUu
TG1LOtK8TcZGeLwUCDlx5qP+uxBNsWPJPCxoPpWQ1f+q18F2zZvVRQggQ5U6GwZP
/53O6rUioRFYRNnj+00t8pALS++vPKVNZxM+VczmIwI0/nQZnHv5AlWIUOZBVxf7
NBJju5XV4XpZO1TN0RRKpSWIHGGGqOe2ls/9lwIDAQABAoIBADsMm31djDuVqzsI
A8n2B9cvJx+bGppPUD1l6B0Ki5yQ7bHR/F5tpUny7ZMv5H4n8vPb11ajZUyp4YIT
T/I2OTCFp/cDntoF/D5YvgQrvCHfKXt3ntYYmuQmIPvS+2kYY+91iMtLxybQAQFO
Xdfa0e91g/b+ppTYHM7MxHuVVAq5N88zY68Tlkf73TVkWuXgJZGc0m/RWSLBAzIG
CSB1NFGvsl6Sj6K/a2fXvJu2OojKjp1pN4vcM7tFJRAEwiU3fri3gqCD5TnX3Lv4
ZR1GRNFjUnxt2/NF+xFdeeepHnZViXvIqT/jvpYWl2D1qIfW1SE/qgrEm3Ego0dU
z90qKmECgYEA2F3bgvzdi8nd0avG8EAV4mD2kMMob27A68WDUu9zFAbhYfp0mE2U
dthfAUqbShI72QVMmKcQVxVZCbQP5Vjb0y+6tNVt+WBddFnBy0+bH4dredmwQtS2
Og0tWq9kCS2fSnawquzafm2HXPucGehwthpFi/VZKy24lW1uO5Jm/xECgYEAwsz1
99P2zuwliH/Y2AKpGNtDUIchJs5Lz4q8GvW7RSJjr1FKM5o1CTOqPLQ+Tm64ekbb
odWyRjUg2Favlo72fy/meVTTVCctp0oJ7odwQXzhIsBFZ+sYfv5nQGrvxkOR5gNq
4rSqQpRvJjSGU9OiEeWyZwz0lRGkVLPxNNsRAicCgYBa1EvqWSzIGh48ftgs0zpc
pkfbzZGT9fKXB3txvYOZzKmg7/syVJ8WpQ59BEzcc3scR9U34CpD5HpUUHq71Omz
Zj4C2/Ym0gVpaqSoLOr5+Wds563O4Gz/QbjgcPCVycktAVZ46qVunZxNtHJ7jdCD
IdRAROcB8VejoyS7bWI/gQKBgQCnciMkSpFmwNpqgOrWk0LjWOZ9/AnlH4NO/URA
MGYvQSZK9yc/QBjCtiRpVc4RAV+Vy/7TF6vMabK4A5ufYXhFT9lfBik5twupNx1e
ahF2WW/0vS1r7Ev8LZZ3avR8imyJOPrRsNaBsLHyN0gYGly/4Z/+sMY0tRt6q8p0
0rHGFQKBgF/uVbWLyXnGV+aQiRBZLcxy+MZntJ4IuJm+Wp3tlkPPr/z4qf0QlzS6
7ir8+YsOj68SFwtiJirJ5j8f8bMWRAdVsKtdF+Cp73Wjtf10360Db9Q9IZqZQvhr
EjTwnnHXKqkjqn3sudTpnbpGRorS8jO1537Gf/li5L9UnHqEbikU
-----END RSA PRIVATE KEY-----
lwk@qwfys:~$
虽说文件头尾都标注着RSA PRIVATE KEY,但实际上这个文件里面包含了公钥与私钥。
lwk@qwfys:~$ cat ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIC1jCCAb4CAQAwgZAxCzAJBgNVBAYTAkNOMREwDwYDVQQIDAhIb25na29uZzER
MA8GA1UEBwwISG9uZ2tvbmcxFjAUBgNVBAoMDXd3dy5xd2Z5cy5jb20xCzAJBgNV
BAsMAklUMRYwFAYDVQQDDA1rOHMucXdmeXMuY29tMR4wHAYJKoZIhvcNAQkBFg9x
d2Z5czIwMEBxcS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk
pFsHeMqA3WKsAkvNnWjoR1djoAzHriAMybksXhB60PEIWaMwWL0+KLTct5+zHLuA
pVI5QK7IwuQKo4tDCa0EM83oRjQv7kss5M7x0+S+5R/G2r6B7VfTI5KKu6YVD8Vc
DvIUPgUagtiZQWoug1jHLJJidsw01JKVxcRtrF9dZB+s5S5MbUs60rxNxkZ4vBQI
OXHmo/67EE2xY8k8LGg+lZDV/6rXwXbNm9VFCCBDlTobBk//nc7qtSKhEVhE2eP7
TS3ykAtL7688pU1nEz5VzOYjAjT+dBmce/kCVYhQ5kFXF/s0EmO7ldXhelk7VM3R
FEqlJYgcYYao57aWz/2XAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEANCYbhGQW
hWuKwOVX1PWrokFTuCCbWQHkrUXNGxABAYg879ulZsjYCqamPdGdKbIkA6qZzfDR
aB9VpOcuWKLkIm4i95XeSiLRIfYDhbpqGvCRi8hNsqMqeBPSBUVusawMY8RQk8LK
/51qCQA4vV1HkwA+yxLSADqC7qJLJALdGZZFfZXpAZS/s/nNyUx6Lov1L+2+mClu
hvwidn4mYJ3CsL7+B8iXDio3RkCW5CAsyALgojb7CE83UOXA8R8eRWEDqC8ZD8dD
Sh0G3q6qz+MyNkP0E9HprbSfLbXF6OT33CvkjddQNtOPI4l6gVBmDm4iwfKq0wZL
M4KG/iAXw07ybA==
-----END CERTIFICATE REQUEST-----
lwk@qwfys:~$ cat ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.crt
-----BEGIN CERTIFICATE-----
MIIDqTCCApECFCIleg+v7vC+7qoPPbiKf/ouV99KMA0GCSqGSIb3DQEBCwUAMIGQ
MQswCQYDVQQGEwJDTjERMA8GA1UECAwISG9uZ2tvbmcxETAPBgNVBAcMCEhvbmdr
b25nMRYwFAYDVQQKDA13d3cucXdmeXMuY29tMQswCQYDVQQLDAJJVDEWMBQGA1UE
AwwNazhzLnF3ZnlzLmNvbTEeMBwGCSqGSIb3DQEJARYPcXdmeXMyMDBAcXEuY29t
MB4XDTIwMDYwMjA1NTk0M1oXDTIxMDYwMjA1NTk0M1owgZAxCzAJBgNVBAYTAkNO
MREwDwYDVQQIDAhIb25na29uZzERMA8GA1UEBwwISG9uZ2tvbmcxFjAUBgNVBAoM
DXd3dy5xd2Z5cy5jb20xCzAJBgNVBAsMAklUMRYwFAYDVQQDDA1rOHMucXdmeXMu
Y29tMR4wHAYJKoZIhvcNAQkBFg9xd2Z5czIwMEBxcS5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCkpFsHeMqA3WKsAkvNnWjoR1djoAzHriAMybks
XhB60PEIWaMwWL0+KLTct5+zHLuApVI5QK7IwuQKo4tDCa0EM83oRjQv7kss5M7x
0+S+5R/G2r6B7VfTI5KKu6YVD8VcDvIUPgUagtiZQWoug1jHLJJidsw01JKVxcRt
rF9dZB+s5S5MbUs60rxNxkZ4vBQIOXHmo/67EE2xY8k8LGg+lZDV/6rXwXbNm9VF
CCBDlTobBk//nc7qtSKhEVhE2eP7TS3ykAtL7688pU1nEz5VzOYjAjT+dBmce/kC
VYhQ5kFXF/s0EmO7ldXhelk7VM3RFEqlJYgcYYao57aWz/2XAgMBAAEwDQYJKoZI
hvcNAQELBQADggEBAIPLP1nb/LTPpjERfiNzFh0p2KTkLuE8n4d7dV3uPcEbJ7g6
c7dIIZp192fQ0FCo+0MmoIXd8+7I0bmaOupD/eA1VuJKjcXgQUvbx4AJiAWBgaUl
Sg+dzFSoTykdk6idbK7zbHfYhSnt7eCw5z4ffmWFcEaEpmXUFJnTo6A6FWY26rxx
MK7Xpzkwa6OGHRlGaCBgTRR4aNjDHUktMhZzyS/RKazit6bGltGt1p7U+qJjD58h
yvfbhB+GJ9DRhoellxTVUoCAH3E60goO4qVj0HQz2yU0IiIR4fmjaaRKhpapsHyF
VYRupsEviwQ2WxFSJAPz3jVSOTW0ogK9fCZQA0Y=
-----END CERTIFICATE-----
lwk@qwfys:~$
Use the ssl certificate in Nginx
至些,我们就为自己的站点生成了相应的数字证书。那么如何使用呢?这里我们以CentOS 7、Nginx 1.15.6为例给大家简要介绍一下。
- 步骤 1 安装nginx
yum install -y nginx
- 步骤 2 在nginx配置目录添加子目录ssl,并将先前生成的文件3123459_k8s.qwfys.com_nginx.key、3123459_k8s.qwfys.com_nginx.crt复制到该目录
[root@xtwj73 ~]# mkdir -p /etc/nginx/ssl
lwk@qwfys:~$ scp ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.key root@inner73.qwfys.com:/etc/nginx/ssl/lwk@qwfys:~$ scp ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.crt root@inner73.qwfys.com:/etc/nginx/ssl/
- 步骤3 编辑nginx配置文件,追来ssl功能
修改Nginx安装目录/conf/nginx.conf文件。找到以下配置信息:
# HTTPS server
server {listen 443;server_name localhost;ssl on;ssl_certificate cert.pem;ssl_certificate_key cert.key;ssl_session_timeout 5m;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;ssl_prefer_server_ciphers on;location / {
按照下文中注释内容修改nginx.conf文件:
server {listen 443 ssl; #SSL协议访问端口号为443。此处如未添加ssl,可能会造成Nginx无法启动。server_name k8s.qwfys.com; #将localhost修改为您证书绑定的域名,例如:www.example.com。root html;index index.html index.htm;ssl_certificate ssl/3123459_k8s.qwfys.com_nginx.crt; #将domain name.pem替换成您证书的文件名。ssl_certificate_key ssl/3123459_k8s.qwfys.com_nginx.key; #将domain name.key替换成您证书的密钥文件名。ssl_session_timeout 5m;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #使用此加密套件。ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #使用该协议进行配置。ssl_prefer_server_ciphers on;location / {root html; #站点目录。index index.html index.htm; }
}
- 步骤 4 重启nginx以使配置生效
[root@xtwj73 ~]# systemctl restart nginx.service
Summary
??上面我们给大家介绍的关于生成非对称公密钥、身份证申请这些操作步骤是以交互方式完成的,但是在一些特殊场合,我们希望以参数形式来完成,其实,这样也是可以的。接下来,我们就给大家演示这方面的操作步骤。
lwk@qwfys:~$ openssl rand -writerand ~/.rnd
lwk@qwfys:~$ mkdir -p ~/.tmp/3723459_k8s.qwfys.com_nginx
lwk@qwfys:~$ openssl req -new -newkey rsa:2048 -nodes -out ~/.tmp/3723459_k8s.qwfys.com_nginx/3723459_k8s.qwfys.com_nginx.csr -keyout ~/.tmp/3723459_k8s.qwfys.com_nginx/3723459_k8s.qwfys.com_nginx.key -subj "/C=CN/ST=Hongkong/L=Hongkong/O=www.qwfys.com Inc./OU=IT/CN=k8s.qwfys.com_nginx"
Generating a RSA private key
........................+++++
............+++++
writing new private key to '/home/lwk/.tmp/3723459_k8s.qwfys.com_nginx/3723459_k8s.qwfys.com_nginx.key'
-----
lwk@qwfys:~$ ll ~/.tmp/3723459_k8s.qwfys.com_nginx/
total 16
drwxr-xr-x 2 lwk lwk 4096 Jun 2 09:53 ./
drwxr-xr-x 4 lwk lwk 4096 Jun 2 09:53 ../
-rw-r--r-- 1 lwk lwk 1029 Jun 2 09:53 3723459_k8s.qwfys.com_nginx.csr
-rw------- 1 lwk lwk 1704 Jun 2 09:53 3723459_k8s.qwfys.com_nginx.key
lwk@qwfys:~$ cat ~/.tmp/3723459_k8s.qwfys.com_nginx/3723459_k8s.qwfys.com_nginx.key
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC0EPBk10wcAj57
nDThCBv/KJN8NCQX2wHI0ppOuTpOrEQoO2Bc75QLGVw6RHuAOPXwzhn6+t08k3rm
wdDeecxfAd0vxunu5P+NoavDfHeG3wHmU0n3wW+iY/0/GJpFNEElFcV0h6YXiFFK
XkijI+y0ayQ9xbtHKCyJ1j7KN3u3nadrWaft2jQ4E+MoavjfVvc+21UKHNObHzjh
/tozwIwkGX6/EGjfyq8q7OsPVJRJiXdmCURyfgXgSuUzdnXGbG6NZxWi30/hG2Yw
ejcmg6a1pja7hl3P57WInZKdk3Uj1ZhsRgarQbCpu7gDWe2j1/E0Ly14Z+aNZ/Gb
viOtsEbXAgMBAAECggEARtkrXOIBRjvzzbsGa0w/h8O1U/dIBELdjuCeaj8jG/VX
0+SY47g4La3KxfpQBYFj812Eh2XRSpZUkxrLTd3qda9MEhJX1PExQ87KwF3mwaBZ
JQC8Z8kqXWCuMfdCK9yFjUvlpxYAWd3+7h3uwpHN/qbxWYTFTRgXfhxYFESEXxf1
uXKzQzQbkqQQWzZSAb8cdxcj0itEDwo7a/Pf5renYQBQXMw+psy2o3Nt3/VEKA9x
7PNfEpZFnw3Y3KNJxg13L+hBhH7PQ5CPVbhIPXp5fJT204DwFNwHQ7wnM6msxSVf
qHS2PlB70pefvj8tm1nH9Svgq34uAvFHiRscKPj/wQKBgQDglQb37y+fuoFtLnBd
+rKcnMp+fBeA8q7BRWcUBqX4XZjePC8OEY0r3Ii238fyQuS7Or8JH9Sb/6p83tNB
Qdn9/ioqX/FUA1vHNAONDDesfkd+j0G8omBAg4oXWZcrDEw7NR91bXUq7aHnDhiO
DwFCanlydeS2OHPhDwZNLJAAkQKBgQDNQais9TOOmxTS3mmWJZ5lLKmonY6aad76
y/SuOWs13wHp/H2a3qW9wobmBREMt65ik3rgx/nY25u+Be2KetmrdTZuj1nh3w+N
IhL4HkfbkYK0Mncljtxg/NySM2WzAGIkHK3lqGWrF7NquN1ryZTeLJK/C/mnLVkl
PEvFOqWE5wKBgDZSVbkq1a4hAqVSEkPpG8Ld+ezWPyklijedfe1OHl8Q5KT8kbUp
cagmU7tILajfnUvcTdD7LgX9tVM24opqTzwsei59vnW/yjdI0YMQbXb/pHNsW04x
SG7SYlh7hyEWfGnl05Inw6t6hyrIMhBKeNeDwZR6B7Q7u2u4oqGQIdTBAoGBALS6
MHQB/uB86mv1jBC5lOtO1R/zgwGxYLWBajMRubWYY44MVOhNTLB2HONh6K5C+Vgw
tUxAqFxqmYpKm+qH2yseLMxSinjYOFAzhXJU7z6EtApIOSKn1KHNY8WTXeOr3b4g
RnnluYdZeg/pMIVc3Ch4JMn1GGA8DLc9jRXfWqhXAoGBAJRAFnOMFL5CNWwI/Z1K
Q+zp48Zdi67xAP312YyOOroVH0qaDd+H4OOqHfYjqRSVVHjHMcoNnY+qv/EYFkr+
wuRDPw4EQHmRJWTdn7Ew15GMOETz0DkZcsvdd7qh0xxIZMdhG2fAI+hdUVz3z2XM
otj6Yb9/XW4rUyQzYx+sdoOM
-----END PRIVATE KEY-----
lwk@qwfys:~$ cat ~/.tmp/3723459_k8s.qwfys.com_nginx/3723459_k8s.qwfys.com_nginx.csr
-----BEGIN CERTIFICATE REQUEST-----
MIICwDCCAagCAQAwezELMAkGA1UEBhMCQ04xETAPBgNVBAgMCEhvbmdrb25nMREw
DwYDVQQHDAhIb25na29uZzEbMBkGA1UECgwSd3d3LnF3ZnlzLmNvbSBJbmMuMQsw
CQYDVQQLDAJJVDEcMBoGA1UEAwwTazhzLnF3ZnlzLmNvbV9uZ2lueDCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALQQ8GTXTBwCPnucNOEIG/8ok3w0JBfb
AcjSmk65Ok6sRCg7YFzvlAsZXDpEe4A49fDOGfr63TyTeubB0N55zF8B3S/G6e7k
/42hq8N8d4bfAeZTSffBb6Jj/T8YmkU0QSUVxXSHpheIUUpeSKMj7LRrJD3Fu0co
LInWPso3e7edp2tZp+3aNDgT4yhq+N9W9z7bVQoc05sfOOH+2jPAjCQZfr8QaN/K
ryrs6w9UlEmJd2YJRHJ+BeBK5TN2dcZsbo1nFaLfT+EbZjB6NyaDprWmNruGXc/n
tYidkp2TdSPVmGxGBqtBsKm7uANZ7aPX8TQvLXhn5o1n8Zu+I62wRtcCAwEAAaAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCJv0/4iJJ6OIex2IfosrS/1szZO1z4rVdwwz1V
jtRhMdXZnOmIzFfkG4EI2COonA56rABm9o3GPRIXW7P2aXxRWhb7um1zLQFp7RoC
CBaqm+1YPpbxDc7ifcuPlzcgRfHW+2fjqwqXifSCrcdqH7+cf6hs9gRFOm0Fucp6
nucQrYuhtXrAv6tUyx1YJYxwUyScnMsJej32iomtPkwCJSW1eKSBUeL+9t5th28U
g2jxgsf0Kobxc6oFmqBfUNsy5HeX4GWDHnmq5lWbDD3OAhovvT3agLeopzTHCqN/
zE0EOItSYef5dTy5ck0Ac58Bb86hQfxblICHa3TfSqy77hYo
-----END CERTIFICATE REQUEST-----
lwk@qwfys:~$
Reference
- OpenSSL CSR Wizard
- Manually Generate a Certificate Signing Request (CSR) Using OpenSSL
- TLS和安全通信
- OpenSSL操作指南
- 在Nginx或Tengine服务器上安装证书
- DER、CRT、CER、PEM格式的证书及转换
- Go和HTTPS