Generating RSA private key, 4096 bit long modulus
....................................................................................++
...........................................................................++
e is 65537 (0x10001)
Enter pass phrase for ca-key.pem:
Verifying - Enter pass phrase for ca-key.pem:
Enter pass phrase for ca-key.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:GZ
Locality Name (eg, city) [Default City]:ZY
Organization Name (eg, company) [Default Company Ltd]:Com Ltd
Organizational Unit Name (eg, section) []:Dev
Common Name (eg, your name or your server's hostname) []:[host]
Email Address []:ca@domain.com
生成服务端密钥
1
openssl genrsa -out server-key.pem 4096
输出
Generating RSA private key, 4096 bit long modulus
....................................................................++
.................................................................................................................................................................................................++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [GZ]:
Locality Name (eg, city) [ZY]:
Organization Name (eg, company) [Com Ltd]:
Organizational Unit Name (eg, section) [Domain Control Validated]:Dev
Common Name (eg, your name or your server's hostname) []:*.domain1.com
Email Address []:ca@domain.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:Com Ltd
Using configuration from openssl.cnf
Enter pass phrase for ca-key.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 0 (0x0)
Validity
Not Before: Dec 29 08:43:06 2017 GMT
Not After : Dec 27 08:43:06 2027 GMT
Subject:
countryName = CN
stateOrProvinceName = GZ
organizationName = Com Ltd
organizationalUnitName = Dev
commonName = *.domain1.com
emailAddress = ca@domain.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Subject Alternative Name:
DNS:*.domain1.com, DNS:*.domain2.com, DNS:*.domain3.com
Certificate is to be certified until Dec 27 08:43:06 2027 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
生成客户端密钥
1
openssl genrsa -out client-key.pem 4096
输出
Generating RSA private key, 4096 bit long modulus
...........................................................................................++
....................................................................................................++
e is 65537 (0x10001)