openssl generates Watton ssl certificates

[TOC]

Generate Certificate

The only requirement of the system is that it must be a 2048-bit encrypted length CSR, and there is no requirement for the contents of each CSR field, so you can write freely

Enter pass phrase for chanrongdai.com.key: XXXXX

openssl genrsa -aes256 -out chanrongdai.com.key 2048


(py3) eam/py_admin [master●] » openssl req -new -key chanrongdai.com.key -out chanrongdai.com.csr
Enter pass phrase for chanrongdai.com.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:CN
State or Province Name (full name) []:GuangDong
Locality Name (eg, city) []:ShenZhen
Organization Name (eg, company) []:Wosign CA Limited
Organizational Unit Name (eg, section) []:Wosign Support
Common Name (eg, fully qualified host name) []:www.chanrongdai.com
Email Address []:liyuanbing@chanrongdai.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:da2370282

Apply for WoSign Digital Certificate Online

  • You will receive an email when you apply for a certificate with WoSign
  • Click on the link in the mail and the following page will appear in the browser
  • copy the contents of the CSR file generated in the previous step to the left, click Check CSR, and submit
  • The page says "Your operation was successful, please check your domain name validation mailbox"

Verify domain name

Domain name verification mailbox will contain

Please place on a server connected to the domain chanrongdai.com in the folder
/.well-known/pki-validation/
a file named:
8fb05ab55367ab01a367060f396cae7e1e4c0cd9327be89f296e93f84a923271.html

– which should include the activation code:
8fb05ab55367ab01a367060f396cae7e1e4c0cd9327be89f296e93f84a923271

Under the website change directory, execute:

mkdir -p .well-known .well-known/pki-validation/
cd .well-known/pki-validation/
echo '8fb05ab55367ab01a367060f396cae7e1e4c0cd9327be89f296e93f84a923271' > 8fb05ab55367ab01a367060f396cae7e1e4c0cd9327be89f296e93f84a923271.html
  • Click on the domain name to verify " Verify domain "Link
  • Then copy the chanrongdai.com.key content to the server
  • Next, delete the.well-known folder
  • Again, wait for Walton to issue the crt public key file
  • Final configuration, restart Nginx to see the effect

Click on the link prompt as follows:

Tags: OpenSSL Nginx

Posted on Mon, 09 Mar 2020 12:15:17 -0400 by dynodins