将CSR可分辨名称字段作为参数传递给OpenSSL [英] Passing CSR distinguished-name fields as parameters to OpenSSL

问题描述

如何在不需要用户输入的情况下生成CSR，例如从应用程序内部生成CSR?

How can you generate a CSR without requiring user input, such as to generate CSRs from within an application?

推荐答案

通过"-subj"参数传递主题:

Pass the subject via the "-subj" argument:

openssl req -new -key <private key file> -out <CSR output file> -subj "/C=<Country Name>/ST=<State>/L=<Locality Name>/O=<Organization Name>/CN=<Common Name>"

请注意，如果要让OpenSSL为您构建主题字符串，则可以像平常一样创建CSR，然后执行命令以对其进行自签名.格式正确的主题行将在顶部回显("subject ="):

Note that if you want to have OpenSSL build the subject string for you, you can create the CSR as you normally would, and then execute the command to self-sign it. A perfectly formatted subject line will be echoed-out at the top ("subject="):

openssl x509 -req -days 365 -in server.csr -signkey server.pem

Loading 'screen' into random state - done
Signature ok
subject=/C=US/ST=Florida/L=Miami/O=Test Group/CN=testgroup.server5
Getting Private key
...

这篇关于将CSR可分辨名称字段作为参数传递给OpenSSL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！