openssl generates Watton ssl certificates


Generate Certificate

The only requirement of the system is that it must be a 2048-bit encrypted length CSR, and there is no requirement for the contents of each CSR field, so you can write freely

Enter pass phrase for XXXXX

openssl genrsa -aes256 -out 2048

(py3) eam/py_admin [master●] » openssl req -new -key -out
Enter pass phrase for
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) []:CN
State or Province Name (full name) []:GuangDong
Locality Name (eg, city) []:ShenZhen
Organization Name (eg, company) []:Wosign CA Limited
Organizational Unit Name (eg, section) []:Wosign Support
Common Name (eg, fully qualified host name) []
Email Address []

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:da2370282

Apply for WoSign Digital Certificate Online

  • You will receive an email when you apply for a certificate with WoSign
  • Click on the link in the mail and the following page will appear in the browser
  • copy the contents of the CSR file generated in the previous step to the left, click Check CSR, and submit
  • The page says "Your operation was successful, please check your domain name validation mailbox"

Verify domain name

Domain name verification mailbox will contain

Please place on a server connected to the domain in the folder
a file named:

– which should include the activation code:

Under the website change directory, execute:

mkdir -p .well-known .well-known/pki-validation/
cd .well-known/pki-validation/
echo '8fb05ab55367ab01a367060f396cae7e1e4c0cd9327be89f296e93f84a923271' > 8fb05ab55367ab01a367060f396cae7e1e4c0cd9327be89f296e93f84a923271.html
  • Click on the domain name to verify " Verify domain "Link
  • Then copy the content to the server
  • Next, delete the.well-known folder
  • Again, wait for Walton to issue the crt public key file
  • Final configuration, restart Nginx to see the effect

Click on the link prompt as follows:

Tags: OpenSSL Nginx

Posted on Mon, 09 Mar 2020 12:15:17 -0400 by dynodins