certreq
like Subject,SubjectAlternativeName,extensions,exportable flag和CSP name。然後
.inf文件看起來像(取自here)
[Version]
Signature="$Windows NT$"
[NewRequest]
;Change to your,country code, company name and common name
Subject = "C=US, O=Example Co, CN=something.example.com"
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication/Token Signing
要產生,那麼你會運行命令
certreq -new request.inf request.csr
,併發送request.csr
給CA以頒發證書的請求。 CA可能會使用您的證書請求中的所有信息,但不一定要這樣做,即它可能會更改擴展名,例如增強型密鑰使用,並添加機器人手機號碼Client Authentication
和Server Authentication
。
謝謝,那就是我在找的東西。 – Anetair