Openssl req命令

一、简介

req指令用来创建和处理PKCS#10格式的证书

二、语法

openssl  req [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-out filename] [-text] [-pubkey] [-noout] [-verify] [-modulus] [-nodes] [-subject] [-passin arg] [-passout arg] [-key filename] [-keyform PEM|DER] [-keyout filename] [-rand file(s)] [-newkey rsa:bits] [-newkey dsa:file] [-newkey ec:file] [-digest] [-config filename] [-subj arg] [-multivalue-rdn] [-new] [-batch] [-x509] [-days n] [-set_serial n] [-newhdr][-asn1-kludge][ -no-asn1-kludge][-extensions section] [-reqexts section] [-utf8] [-nameopt option] [-reqopt option][-verbose] [engine id]

选项

 -inform arg    input format - DER or PEM
 -outform arg   output format - DER or PEM
 -in arg        input file
 -out arg       output file
 -text          text form of request
 -pubkey        output public key
 -noout         do not output REQ
 -verify        verify signature on REQ
 -modulus       RSA modulus
 -nodes         don‘t encrypt the output key
 -engine e      use engine e, possibly a hardware device
 -subject       output the request‘s subject
 -passin        private key password source
 -key file      use the private key contained in file
 -keyform arg   key file format
 -keyout arg    file to send the key to
 -rand file:file:...
                load the file (or the files in the directory) into
                the random number generator
 -newkey rsa:bits generate a new RSA key of ‘bits‘ in size
 -newkey dsa:file generate a new DSA key, parameters taken from CA in ‘file‘
 -newkey ec:file generate a new EC key, parameters taken from CA in ‘file‘
 -[digest]      Digest to sign with (see openssl dgst -h for list)
 -config file   request template file.
 -subj arg      set or modify request subject
 -multivalue-rdn enable support for multivalued RDNs
 -new           new request.
 -batch         do not ask anything during request generation
 -x509          output a x509 structure instead of a cert. req.
 -days          number of days a certificate generated by -x509 is valid for.
 -set_serial    serial number to use for a certificate generated by -x509.
 -newhdr        output "NEW" in the header lines
 -asn1-kludge   Output the ‘request‘ in a format that is wrong but some CA‘s
                have been reported as requiring
 -extensions .. specify certificate extension section (override value in config file)
 -reqexts ..    specify request extension section (override value in config file)
 -utf8          input characters are UTF8 (default ASCII)
 -nameopt arg    - various certificate name options
 -reqopt arg    - various request text options

三、实例

1、根据私钥生成证书请求

方式1

openssl genrsa -des -passout pass:"123456" -out prikey.pem 1024
openssl req -key prikey.pem -passin pass:"123456" -new -out cerreq.pem

方式2

交互式

openssl req -newkey rsa:1024 -keyout prikey.pem -passout pass:"123456" -new -out cerreq.pem

非交互式

openssl req -newkey rsa:1024 -keyout prikey.pem -passout pass:"123456" -config openssl.cnf -new -out cerreq.pem

2、生成一个自签名的根证书

openssl req -x509 -newkey rsa:1024 -keyout prikey.pem -passout pass:"123456" -config openssl.cnf -new -out certself.pem

3、生成带中文支持的请求(UTF-8)

http://blog.chinaunix.net/uid-7591044-id-1742939.html

4、生成带扩展项的请求

http://bbs.csdn.net/topics/380025010
参考:http://blog.csdn.net/as3luyuan123/article/details/16811787
时间: 2024-07-28 20:59:28

Openssl req命令的相关文章

openssl req(生成证书请求和自建CA)

伪命令req大致有3个功能:生成证书请求文件.验证证书请求文件和创建根CA.由于openssl req命令选项较多,所以先各举几个例子,再集中给出openssl req的选项说明.若已熟悉openssl req和证书请求相关知识,可直接跳至后文查看openssl req选项整理,若不熟悉,建议从前向后一步一步阅读. 首先说明下生成证书请求需要什么:申请者需要将自己的信息及其公钥放入证书请求中.但在实际操作过程中,所需要提供的是私钥而非公钥,因为它会自动从私钥中提取公钥.另外,还需要将提供的数据进

(11) openssl req(生成证书请求和自建CA)

伪命令req大致有3个功能:生成证书请求文件.验证证书请求文件和创建根CA. 由于openssl req命令选项较多,所以先各举几个例子,再集中给出openssl req的选项说明.若已熟悉openssl req和证书请求相关知识,可直接跳至后文,若不熟悉,建议从前向后一步一步阅读. 首先说明下生成证书请求需要什么:申请者需要将自己的信息及其公钥放入证书请求中.但在实际操作过程中,所需要提供的是私钥而非公钥,因为它会自动从私钥中提取公钥.另外,还需要将提供的数据进行数字签名(使用单向加密),保证

OpenSSL之命令总结

OpenSSL从基础到应用系列: 1) OpenSSL之安全通讯基础 2) OpenSSL之PKI 3) OpenSSL之SSL协议的Web安全实现 4) OpenSSL之编译安装 透过上面几个方面的学习,我们应该对OpenSSL有了一个基本的了解.OpenSSL功能之强大,命令组合用法之多,往往让我们的学习不知所措.在此,我们来对openssl命令的使用做一个总结. 语法格式:  openssl command [ command_opts ] [ command_args ] 常用comma

熟练掌握 openssl 证书命令说明

熟练掌握 openssl 证书命令说明2.在我电脑建立好一个目录,并启动 terminal ,进入该目录cd /Users/dhbm/Desktop/ssl/sign2018072913.生成Self Signed证书1).生成一个key(我的私钥)openssl genrsa -des3 -out selfsign.key 4096 结果 (过程中 密码: 123456)Generating RSA private key, 4096 bit long modulus...........++

openssl常用命令(待补充)

1.测试openssl对各种见算法处理速度 openssl speed [algorithms] algorithms:各种算法 eg. rsa,des,md5,sha1等.不加算法表示测试所有算法. 2.openssl对数据进行加密  openssl enc -ciphername [-in filename] [-e] [-d] [-out filename] [-salt] [-a/-base64]  eg. openssl enc des3 -salt -a -in inittab -o

Openssl pkcs7命令

一.简介 pkcs7命令用于处理DER或者PEM格式的pkcs#7文件.   二.语法 openssl pkcs7 [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-out filename] [-print] [-print_certs] [-text] [-noout] [-engine id] 选项 -inform arg input format - DER or PEM -outform arg output format -

Openssl ca命令

一.简介 ca命令能够签发证书请求文件以及生成CRL列表 二.语法 openssl ca [-verbose] [-config filename] [-name section] [-gencrl] [-revoke file][-crl_reason reason] [-crl_hold instruction] [-crl_compromise time] [-crl_CA_compromise time ] [ -subj subj] [-crldays days] [-crlhours

Openssl crl2pkcs7命令

一.简介 crl2pkcs7命令根据CRL或证书来生成pkcs#7消息 二.语法 openssl crl2pkcs7 [-inform PEM|DER ] [-outform PEM|DER ] [-in filename ] [-out filename ] [-certfile filename ] [-nocrl ] 选项 -inform arg input format - DER or PEM -outform arg output format - DER or PEM -in ar

Openssl crl命令

一.简介 crl命令用于处里PME或DER格式的CRL文件 二.语法 openssl crl [-inform PEM|DER] [-outform PEM|DER] [-text] [-in filename] [-out filename] [-hash] [-fingerprint] [-issuer ] [-lastupdate ] [-nextupdate ] [-crlnumber] [-noout ] [-CAfile file ] [-CApath dir ] [-nameopt