openssl 证书生成手册

1.首先要生成服务器端的私钥(key文件):
openssl genrsa -des3 -out server.key 1024
运行时会提示输入密码,此密码用于加密key文件(参数des3便是指加密算法,当然也可以选用其他你认为安全的算法.),以后每当需读取此文 件(通过openssl提供的命令或API)都需输入口令.如果觉得不方便,也可以去除输入密码的参数 -des3,但一定要采取其他的保护措施!
命令如下:
openssl genrsa -out server.key 1024
 
2.openssl req -new -key server.key -out server.csr
生成Certificate Signing Request（CSR）,生成的csr文件交给CA签名后形成服务端自己的证书.屏幕上将有提示,依照其指示一步一步输入要 求的个人信息即可.

信息如下：

Country Name (2 letter code) [GB]: XX
State or Province Name (full name) [Berkshire]:XX
Locality Name (eg, city) [Newbury]:XX
Organization Name (eg, company) [My Company Ltd]:XX
Organizational Unit Name (eg, section) []:XX
Common Name (eg, your name or your server's hostname) []:XX
Email Address []:XX
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:XX
An optional company name []:XX