
SSL Certificate Signing Request (CSR) Generation Guide - SSLeay

An Important Note Before You Start

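Your private key is generated at the same time as the CSR file. If you lose the private key or forget its password, the certificate issued to you cannot be installed. You will have to generate a new private key and CSR file and have a new certificate reissued free of charge. To avoid this, be sure to back up the private key file and remember the private key password after generating the CSR, and preferably do not make further changes to the server until you have received the certificate.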

By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.

SSLeay Key and CSR Generation

More and more secure web servers and value-added cryptographic applications are using the SSLeay free cryptographic toolkit, which includes a variety of libraries and utilities to manage secure sockets and public key cryptography.

SSLeay can be found at ftp://psych.uq.edu.au/pub/Crypto/SSL/ .

These servers by and large use the same key and certificate format, and generate Certificate Signing Requests (CSRs) that are compatible with the Thawte Certification System.

Examples are Sioux, Stronghold, ApacheSSL, Alibaba (which is linked against a very old version of SSLeay) and secure versions of WN.

In all of these servers you can use the following procedure to generate your CSR:

Locate ssleay

These instructions assume that SSLeay is installed, and that you have the executable ssleay in your PATH.

They also assume that you are using version 0.8.1 or later. Running ssleay version will tell you which version you are using.

Generate your key:

ssleay genrsa -des3 1024 > www.myserver.com.key

This command sequence will generate a private key and store it in the file www.myserver.com.key . It will ask you for a pass phrase: use something secure and remember it.

Your certificate will be useless without the key.

If you don't want to protect your key with a pass phrase (only if you absolutely trust that server, and you make sure the permissions are carefully set so only you can read that key) you can leave out the -des3 option.

Generate your CSR:

ssleay req -new -key www.myserver.com.key > www.myserver.com.csr

This command sequence will prompt you for the attributes of your certificate.

You will now have a private key in www.myserver.com.key and a CSR in www.myserver.com.csr .

Paste the CSR into our forms, and hold on to your key. You will need the key to operate your secure server when we issue your certificate.
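
The key file from the genrsa step can be checked for the two protections discussed above, the pass phrase and the file permissions. The script below is an added example, not part of the original guide; it assumes the traditional PEM layout in which a pass-phrase protected key carries Proc-Type and DEK-Info headers, and its function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit a key file written by
# the genrsa step. Assumption: traditional PEM layout, where a pass-phrase
# protected key carries "Proc-Type: 4,ENCRYPTED" and a DEK-Info header.

# Exit 0 if the PEM key is encrypted (traditional or PKCS#8 form).
key_is_encrypted() {
    grep -q -e '^Proc-Type: 4,ENCRYPTED' \
            -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# Exit 0 if group and others have no permission bits on the file.
key_is_owner_only() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Print a verdict. Returns 0 = both protections present, 1 = one missing,
# 2 = no pass phrase and exposed to other accounts, 3 = not a PEM key.
audit_key() {
    grep -q -e '^-----BEGIN .*PRIVATE KEY-----' "$1" 2>/dev/null ||
        { echo "$1: not a readable PEM private key"; return 3; }
    enc=no; own=no
    if key_is_encrypted "$1"; then enc=yes; fi
    if key_is_owner_only "$1"; then own=yes; fi
    case "$enc/$own" in
        yes/yes) echo "$1: OK (pass phrase set, owner-only)"; return 0 ;;
        yes/no)  echo "$1: WARN (pass phrase set, but run chmod 600)"; return 1 ;;
        no/yes)  echo "$1: WARN (no pass phrase; file mode is the only protection)"; return 1 ;;
        *)       echo "$1: FAIL (no pass phrase and open to other accounts)"; return 2 ;;
    esac
}

# Write a constructed sample key file; the body is filler, not a real key.
make_sample_key() {   # usage: make_sample_key FILE enc|plain
    {
        printf '%s\n' "-----BEGIN RSA PRIVATE KEY-----"
        if [ "$2" = enc ]; then printf 'Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n'; fi
        printf '%s\n' "Q09OU1RSVUNURUQgU0FNUExFIE5PVCBBIEtFWQ=="
        printf '%s\n' "-----END RSA PRIVATE KEY-----"
    } > "$1"
}

# Demo on constructed files in a temporary directory.
d=$(mktemp -d)
make_sample_key "$d/enc.key" enc;     chmod 600 "$d/enc.key"
make_sample_key "$d/plain.key" plain; chmod 644 "$d/plain.key"
audit_key "$d/enc.key"
audit_key "$d/plain.key" || true
rm -rf "$d"
```

Against a real key, call audit_key www.myserver.com.key after the genrsa step and again on the backup copy.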

Test the CSR and Send It to WoSign: Start the Certificate Request Process

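After generating the CSR, we recommend that you test whether the generated CSR file is correct; please click here to test your CSR file. Then send the successfully tested CSR file to WoSign. Do not make any further changes to your server while you wait for the certificate to be issued.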

To submit the CSR to WoSign for processing you should start the certificate enrollment process.