# 证书请求

用于创建证书

# 命令

openssl req -new -key ca.key -out ca.csr -config ca.cnf
参数 描述
req 执行证书签发命令
-new 新证书签发请求
-key 指定私钥路径
-out 输出的csr文件的路径
-config 配置文件

# 证书内容

ca.csr 内容, 实际内容比这个长

-----BEGIN CERTIFICATE REQUEST-----
MIIC6jCCAdICAQAwgY0xCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdKaWFuZ1N1MQ8w
DQYDVQQHDAZTdVpob3UxETAPBgNVBAoMCFdDQ0EgTHRkMRQwEgYDVQQLDAtXQ0NB
7YPWiwptFbqH5AQBSBLLEEBewbZLLWr5QXKVQ8ytGJVZ36oJxs9vXoQuN2Hq1TN6
gYGOKHnxl0dIybTfjGIcXk0u7HjIP/0tKi27SMdHhLUgjW7qoXBOoNWoXo1/2paQ
PX9zZA58y+KLbOH062B/FVPE1zQNul7sBqTUiuSL
-----END CERTIFICATE REQUEST-----

# 验证请求

openssl req -text -noout -in ca.csr

# 配置

[ req ]
default_bits       = 4096
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = CN
stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = JiangSu
localityName                    = Locality Name (eg, city)
localityName_default            = SuZhou
organizationName                = Organization Name (eg, company)
organizationName_default        = MyComponent
organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = MyComponent Zuzhi
commonName                      = Common Name (e.g. server FQDN or YOUR name)
commonName_max                  = 64
commonName_default              = MyComponent Root CA