nginx：用openssl生成证书

Microsoft Windows [版本 10.0.18363.959]
(c) 2019 Microsoft Corporation。保留所有权利。

C:WINDOWSsystem32>cd d:app
ginx

C:WINDOWSsystem32>d:

d:app
ginx>dir
 驱动器 D 中的卷是 work
 卷的序列号是 3C5D-459F

 d:app
ginx 的目录

2020-03-05  22:23    <DIR>          .
2020-03-05  22:23    <DIR>          ..
2018-05-05  12:43    <DIR>          conf
2018-03-02  09:25    <DIR>          contrib
2018-03-02  09:25    <DIR>          docs

2020-08-02  20:00    <DIR>          html
2020-08-01  17:46    <DIR>          logs
2018-11-12  10:26           360,960 nginx-service.exe
2019-07-29  11:33               518 nginx-service.xml
2017-04-12  18:05         3,060,224 nginx.exe
2018-12-10  14:41    <DIR>          ssl
2019-07-29  11:39               288 start.bat
2020-08-03  19:37    <DIR>          temp
               4 个文件      3,421,990 字节
               9 个目录 338,788,208,640 可用字节

d:app
ginx>cd ssl

d:app
ginxssl>dir
 驱动器 D 中的卷是 work
 卷的序列号是 3C5D-459F

 d:app
ginxssl 的目录

2018-12-10  14:41    <DIR>          .
2018-12-10  14:41    <DIR>          ..
2018-12-10  14:41               822 dogiant.crt
2018-12-10  14:40               639 dogiant.csr
2018-12-10  14:40               887 dogiant.key
2018-12-10  14:38               963 dogiant.key.copy
               4 个文件          3,311 字节
               2 个目录 338,788,208,640 可用字节

d:app
ginxssl>del *.*
d:app
ginxssl*.*, 是否确认(Y/N)? y

d:app
ginxssl>openssl genrsa -des3 -out server.key 2048
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Generating RSA private key, 2048 bit long modulus
...+++++
...+++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
Verify failure
User interface error
21244:error:0906906F:PEM routines:PEM_ASN1_write_bio:read key:.cryptopempem_lib.c:373:

d:app
ginxssl>dir
 驱动器 D 中的卷是 work
 卷的序列号是 3C5D-459F

 d:app
ginxssl 的目录

2020-08-03  22:03    <DIR>          .
2020-08-03  22:03    <DIR>          ..
2020-08-03  22:03                 0 server.key
               1 个文件              0 字节
               2 个目录 338,788,376,576 可用字节

d:app
ginxssl>openssl genrsa -des3 -out server.key 2048
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Generating RSA private key, 2048 bit long modulus
.......................+++++
.......+++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:

d:app
ginxssl>openssl req -new -key server.key -out server.csr
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Unable to load config info from /usr/local/ssl/openssl.cnf

d:app
ginxssl>dir
 驱动器 D 中的卷是 work
 卷的序列号是 3C5D-459F

 d:app
ginxssl 的目录

2020-08-03  22:03    <DIR>          .
2020-08-03  22:03    <DIR>          ..
2020-08-03  22:05             1,743 server.key
               1 个文件          1,743 字节
               2 个目录 338,788,306,944 可用字节

d:app
ginxssl>openssl req -new -key server.key -out server.csr
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Unable to load config info from /usr/local/ssl/openssl.cnf

d:app
ginxssl>show variables like '%ssl%';
'show' 不是内部或外部命令，也不是可运行的程序
或批处理文件。

d:app
ginxssl>openssl
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
OpenSSL> exit

d:app
ginxssl>openssl
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
OpenSSL> exit

d:app
ginxssl>set OPENSSL_CONF=openssl.cnf

d:app
ginxssl>openssl
WARNING: can't open config file: openssl.cnf
OpenSSL> exit

d:app
ginxssl>set OPENSSL_CONF=D:app
ginxconfopenssl.cnf

d:app
ginxssl>openssl
WARNING: can't open config file: D:app
ginxconfopenssl.cnf
OpenSSL> exit

d:app
ginxssl>set OPENSSL_CONF=D:appOpenSSL-Win64incnfopenssl.cnf

d:app
ginxssl>openssl
OpenSSL> req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:JS
Locality Name (eg, city) []:HN
Organization Name (eg, company) [Internet Widgits Pty Ltd]:CSGET
Organizational Unit Name (eg, section) []:COM
Common Name (e.g. server FQDN or YOUR name) []:TEST.COM
Email Address []:TEST@TEST.COM

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:
OpenSSL> rsa -in server.key -out server_no_passwd.key
Enter pass phrase for server.key:
unable to load Private Key
19852:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:.cryptoevpevp_enc.c:531:
19852:error:0906A065:PEM routines:PEM_do_header:bad decrypt:.cryptopempem_lib.c:476:
error in rsa
OpenSSL> rsa -in server.key -out server_no_passwd.key
Enter pass phrase for server.key:
writing RSA key
OpenSSL> x509 -req -days 3650 -in server.csr -signkey server_no_passwd.key -out server.crt
Signature ok
subject=/C=CN/ST=JS/L=HN/O=CSGET/OU=COM/CN=TEST.COM/emailAddress=TEST@TEST.COM
Getting Private key

OpenSSL>  rsa -in server.key -out server.unsecure
19852:error:06067099:digital envelope routines:EVP_PKEY_copy_parameters:different parameters:.cryptoevpp_lib.c:137:
Enter pass phrase for server.key:
writing RSA key

OpenSSL>