OPENSSL 生成RSA公钥、私钥和证书(OpenSSL generates RSA public key, private key and certificate)

在命令窗口执行下列操作。

1)生成RSA私钥:

openssl genrsa -out rsa_private_key.pem 2048

生成内容:

—–BEGIN RSA PRIVATE KEY—–

Base64内容。

—–END RSA PRIVATE KEY—–

2)把RSA私钥PKCS1格式转换成PKCS8格式

openssl pkcs8 -topk8 -inform PEM -in opetxsv01_20200306.key -outform pem -nocrypt -out pkcs8_private_key.pem

生成内容:

—–BEGIN PRIVATE KEY—–

Base64内容。

—–END PRIVATE KEY—–

3) 生成RSA公钥

openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem

生成内容:

—–BEGIN PUBLIC KEY—–

Base64内容。

—–END PUBLIC KEY—–

4)CSR 证书文件生成

如果需要CSR证书的话(需要输入国家等信息,或者默认执行),不需要就忽略。

  需要认证中心认证时:

    openssl req -new -key private_key.pem -out rsaCerReq.csr

    生成内容:

    —–BEGIN CERTIFICATE REQUEST—–

    Base64内容。

    —–END CERTIFICATE REQUEST—–

  本地使用,不去认证中心认证时:    openssl req -new -x509 -key rsa_private_key.key -out cacert.pem -days 365

    生成内容:

    —–BEGIN CERTIFICATE—–

    Base64内容。

    —–END CERTIFICATE—–

——End——

————————

In the command window, do the following.

1) Generate RSA private key:

openssl genrsa -out rsa_private_key.pem 2048

Generated content:

—–BEGIN RSA PRIVATE KEY—–

Base64 content.

—–END RSA PRIVATE KEY—–

2) Convert RSA private key pkcs1 format to pkcs8 format

openssl pkcs8 -topk8 -inform PEM -in opetxsv01_20200306.key -outform pem -nocrypt -out pkcs8_private_key.pem

Generated content:

—–BEGIN PRIVATE KEY—–

Base64 content.

—–END PRIVATE KEY—–

3) Generate RSA public key

openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem

Generated content:

—–BEGIN PUBLIC KEY—–

Base64 content.

—–END PUBLIC KEY—–

4) CSR certificate file generation

If you need CSR Certificate (you need to enter information such as country, or execute by default), you don’t need to ignore it.

When certification by certification authority is required:

    openssl req -new -key private_key.pem -out rsaCerReq.csr

Generated content:

    —–BEGIN CERTIFICATE REQUEST—–

Base64 content.

—–END CERTIFICATE REQUEST—–

For local use, if you do not go to the authentication center for authentication: OpenSSL req – New – x509 – key RSA_ private_ key.key -out cacert.pem -days 365

Generated content:

—–BEGIN CERTIFICATE—–

Base64 content.

—–END CERTIFICATE—–

——End——