如何使用OpenSSL自动读取证书信息

你可以创build一个configuration文件并在你的命令中使用它。 你可以例如创build一个名为openssl.cnf的configuration文件，并像这样使用它：

 openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.cert -config ./openssl.cnf 

在你的情况下，你可以设置以下参数：

 [ req_distinguished_name ] # Variable name Prompt string #------------------------- ---------------------------------- 0.organizationName = Organization Name (company) organizationalUnitName = Organizational Unit Name (department, division) emailAddress = Email Address emailAddress_max = 40 localityName = Locality Name (city, district) stateOrProvinceName = State or Province Name (full name) countryName = Country Name (2 letter code) countryName_min = 2 countryName_max = 2 commonName = Common Name (hostname, IP, or your name) commonName_max = 64 

更多可以在http://www.flatmtn.com/article/setting-openssl-create-certificates#SSLCert-4find

在您的configuration文件中的某处，您需要以下内容：

 [ req ] prompt = no distinguished_name = req_distinguished_name [ req_distinguished_name ] countryName = GB stateOrProvinceName = Provinceshire localityName = Locationsville organizationName = Example Ltd organizationalUnitName = PKI commonName = www.example.com 

[ req ]部分中的prompt = no会停止您看到的提示，并更改distinguished_name部分中的预期格式。 如果你没有这个选项，OpenSSL将会期待你现在的提示格式。

请注意，字段的顺序是可改变的，并决定了证书的顺序。

它也可以从脚本运行：

 #!/bin/bash country=WORLD state=mystate locality=Mycity organization=myorg organizationalunit=IT [email protected] openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.cert -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/CN=$commonname/emailAddress=$email" 

find它在： http : //www.jamescoyle.net/how-to/1073-bash-script-to-create-an-ssl-certificate-key-and-request-csr