1、 生成密钥
openssl genrsa -out usr.key 1024
2、生成证书请求
openssl req -new -key usr.key -out usr.csr -config /var/cert/openssl.cnf
3、生成自签发的证书
openssl x509 -req -in usr.csr -out usr.cer -signkey usr.key -days 365
4、比较csr与证书是否匹配
openssl x509 -pubkey -in wxy.cer -noout > out1
openssl req -pubkey -in wxy.csr -noout > out2
out1和out2中内容一样,则表示匹配。
5、检测私钥的合法性
openssl rsa -check -in usr.key -noout -out usr.key.out
结果:
linux-jqpp:/home/cert/test # cat test.key.out
RSA key ok
6、检测CSR的合法性
openssl req -subject -in usr.csr -noout > usr.csr.out 2>/dev/null
结果:
linux-jqpp:/home/cert/test # cat test.csr.out
subject=/C=11/ST=22/L=33/O=44/OU=55/CN=66/emailAddress=77@qq.com
7、检验证书和合法性
openssl x509 -subject -in test.cer -noout > test.cer.out 2>/dev/null
结果:
subject= /C=11/ST=22/L=33/O=44/OU=55/CN=66/emailAddress=77@qq.com
附
openssl.cnf
[req]
default_bits=2048
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
CN = jj
O = tenda
ST = gd
C = cn
