Ngnix + Apache服务器的CSR和www域

分享于 

3分钟阅读

互联网

  繁體 雙語

问题:

我正在尝试安全地保护和www域 ( https://example.comhttps://www.example.com )

  • 对于这个服务器

    openssl请求 -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com. csr

  • 否则会是别的?

  • 要在服务器请求公用名称时保护裸域和www域: 我们应该放什么example.com 或者 *example.com?
  • 服务器是 Ubuntu 18.04和 Ngnix + Apache感谢


回答 1:

关闭:使用通配符方法并增加密钥大小


openssl req -new -newkey rsa:4096 -nodes -out star_friends.com.csr -keyout star_friends.com.key -subj"/C=GH/ST=Greater-Accra/L=Accra/O=Friends LTD./CN=*.friends.com"




回答 2:

使用以下( 修改为适合你的姓名) 创建一个文件,并将它的保存为你选择的目录中的( 例如) example.cnf:


[ req ]



prompt = no


string_mask = default



# The size of the keys in bits:


default_bits = 2048


distinguished_name = req_dn


req_extensions = req_ext



[ req_dn ]



# Note that the following are in 'reverse order' to what you'd expect to see in


# Windows and the numbering is irrelevant as long as each line's number differs.



# Domain Components style:


# Server name:


# 2.DC = com


# 1.DC = example


# commonName = Acme Web Server



# Locality style:


# countryName = GB


# stateOrProvinceName = London


# localityName = Letsby Avenue


# organizationName = Acme


# 1.organizationalUnitName = IT Dept


# 2.organizationalUnitName = Web Services


# commonName = Acme Web Server



# Or traditional org style:


countryName = GB


organizationName = Acme


1.organizationalUnitName = IT Dept


2.organizationalUnitName = Web Services


commonName = Acme Web Server


# Or: 


# commonName = www.example.com



[ req_ext ]



subjectAltName = @alt_names



[alt_names]


# To automatically copy the CN (in the case of a DNS name in the CN) use:


# DNS.1 = ${req_dn::commonName}


DNS.1 = www.example.com


DNS.2 = example.com



运行以下命令创建 CSR:


openssl req -nodes -new -keyout example.key -out example.csr -config example.cnf



注意,这将把 private 键放在系统的纯文本中。 根据使用这里密钥的服务,可以能需要考虑从命令中删除 -nodes 谓词来保护密码。



Server  Apache  DOM  domain  CSR  
相关文章