签发免费 SSL 泛域名证书

  • A+
所属分类:随手小记
摘要

免费申请通配域名SSL证书真的是很难得,更加难得的是还能过大部分浏览器

assl.loovit.net 为你提供免费 Alpha SSL 证书签发,目前(2017-0-18)有效。

a. 生成 SSL KEY 及 CSR

在 unix 系统终端下输入以下命令即可生成:

生成证书私钥:

openssl genrsa -out dwhd.org.key 4096

生成证书 CSR:

openssl req -new -key dwhd.org.key -out dwhd.org.csr

也可以直接一条命令搞定

read -p 'Plz enter you domain: ' domain && \
openssl req -new -nodes -sha256 -newkey rsa:4096 -keyout ${domain}.key -out ${domain}.csr -subj "/emailAddress=dt.ops.benyoo@gmail.com/C=CN/ST=ShangHai/L=PuDong/O=PRIME Research Asia/OU=IT Department/CN=*.${domain}" && \
openssl req -text -noout -verify -in ${domain}.csr
[lookback@lookbackdeMacBook-Pro ~]$ read -p 'Plz enter you domain: ' domain && openssl req -new -nodes -sha256 -newkey rsa:4096 -keyout ${domain}.key -out ${domain}.csr -subj "/emailAddress=dt.ops.benyoo@gmail.com/C=CN/ST=ShangHai/L=PuDong/O=PRIME Research Asia/OU=IT Department/CN=*.${domain}" && openssl req -text -noout -verify -in ${domain}.csr
Plz enter you domain: dwhd.org
Generating a 4096 bit RSA private key
........................................................................................................................................................................++
............................................++
writing new private key to 'dwhd.org.key'
-----
verify OK
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: emailAddress=dt.ops.benyoo@gmail.com, C=CN, ST=ShangHai, L=PuDong, O=PRIME Research Asia, OU=IT Department, CN=*.dwhd.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (4096 bit)
                Modulus (4096 bit):
                    00:d3:5e:70:49:a0:ab:2e:11:83:71:ba:1b:13:2f:
                    01:c5:0f:65:65:49:fd:5b:eb:60:72:cf:89:db:f3:
                    ee:20:69:20:66:28:b4:31:50:c0:cb:7a:2c:8e:17:
                    c1:8e:7d:18:05:82:42:1b:e1:36:77:bb:e2:a6:2d:
                    ef:10:cd:3e:fd:43:98:3f:ce:ec:b8:5f:5c:05:03:
                    52:ef:72:1c:49:b5:8d:4f:6b:c0:8f:02:b9:0f:73:
                    90:90:31:13:af:39:04:f9:0f:64:72:0e:89:0c:f3:
                    5e:27:14:6b:a6:56:3a:23:3d:bd:2c:4c:bf:43:b1:
                    fa:e1:20:bf:f7:6d:53:fa:08:ba:d5:02:2e:e5:c8:
                    bd:1a:aa:76:9f:9b:03:c0:c1:70:e8:09:15:44:e6:
                    81:61:f1:d5:4e:12:e7:a6:9f:9a:fc:cb:37:66:db:
                    50:66:c4:98:4f:d7:3c:04:bd:37:69:68:9f:e6:32:
                    09:fa:c0:d1:92:2c:56:bc:3b:dc:6f:76:c2:d1:56:
                    a7:3e:fb:1d:27:3f:d3:18:71:47:03:4b:b4:b6:20:
                    5e:01:be:b1:b5:cd:86:3c:91:73:34:c5:e2:5f:cb:
                    18:22:12:10:10:46:46:1f:5d:f1:a5:53:b3:b1:b4:
                    54:20:c6:b8:ba:79:b9:d4:db:2b:e3:35:6c:c6:a3:
                    46:90:10:da:0f:83:9e:7a:66:0e:a7:b6:1f:58:81:
                    39:52:7c:71:4e:01:4c:20:03:4e:b3:40:49:7c:ed:
                    65:29:a4:0b:15:9f:6b:8d:4d:5d:7b:ab:6a:f4:7e:
                    cd:98:3e:82:0f:a9:58:77:f3:e7:c7:56:f2:41:d0:
                    8b:b8:ff:39:35:5c:12:a2:f9:bc:a3:43:3a:ca:15:
                    0e:ca:74:f3:4f:41:86:e1:d4:f0:b6:83:0d:99:ed:
                    db:2d:6c:e9:32:bf:0e:80:0c:3e:64:a9:ad:f4:23:
                    1e:a0:73:23:3a:b6:ba:f2:75:5e:fa:b0:37:10:9f:
                    95:dc:38:a4:2a:27:12:ba:6d:1e:fe:41:0d:28:11:
                    1b:a3:82:4a:9f:2a:b2:7a:0f:23:18:f4:be:8b:b3:
                    9f:4b:da:d4:d9:e9:2d:1f:82:4e:0d:f2:af:c6:ce:
                    47:0b:dd:25:37:ea:64:ae:7a:43:57:76:8d:45:5f:
                    1c:3b:e9:b1:7e:98:71:20:01:a1:93:34:ad:6e:f2:
                    ea:af:cd:90:19:99:3b:ad:cc:4f:56:f0:13:89:6a:
                    5e:b9:95:13:fd:f0:da:65:17:12:0d:f0:15:41:f2:
                    3c:03:a5:7e:81:40:8e:fd:32:95:c3:8b:1b:13:fc:
                    75:05:a4:97:cf:c2:f6:af:8b:f4:c1:dd:8c:5e:a0:
                    5a:4d:1d
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption
        a5:1a:94:4b:db:93:9e:eb:4b:cb:08:54:61:c5:c5:04:f8:a8:
        2c:f8:48:d3:3b:46:96:cc:98:79:37:4b:8e:b5:d6:91:66:d0:
        3a:fd:fc:41:ed:a7:29:28:b2:d6:df:7a:e6:57:8c:fb:aa:be:
        73:e5:72:a5:4a:c5:98:78:82:7a:7f:9f:83:ae:3e:29:de:a0:
        29:f6:e4:46:7e:95:78:59:a7:a0:47:ea:41:a7:de:7e:2c:5f:
        6e:b3:2e:b3:27:e9:32:c8:f9:e3:38:a0:c7:c3:44:9d:70:3f:
        ef:ec:02:17:13:30:da:a3:c3:60:0b:d8:32:2f:79:c8:bc:39:
        40:71:e7:58:13:9c:0d:a2:6d:7f:e6:a1:21:f6:31:b2:ab:b0:
        2e:41:10:e8:ed:a6:90:1f:71:69:8a:ca:a9:26:2e:b3:e3:5b:
        6c:8e:cc:de:9f:d1:74:ee:e0:8b:b5:1a:fa:78:92:f3:5b:0f:
        e0:32:3e:66:52:b9:d9:df:98:cc:b0:5d:6f:e1:f3:3d:68:57:
        50:71:74:3e:18:b6:09:13:7e:72:f1:41:6e:54:ef:f5:2a:0b:
        b1:4d:c2:20:cd:11:c4:99:87:14:d2:63:25:b6:ed:b0:be:9f:
        9a:ff:2a:a6:da:4d:77:2f:57:85:0b:10:c9:f9:52:e1:0a:42:
        63:45:81:4b:c2:50:4f:56:49:67:7d:9a:37:a5:d4:e8:e3:22:
        a7:5b:c7:ef:c1:c2:d8:2c:14:cb:f9:d9:b3:c4:5d:ee:48:c6:
        f5:b0:cd:0d:d3:75:ef:af:dc:fe:26:6d:19:4f:37:80:fe:9f:
        f4:70:c5:b7:08:37:e0:8c:5a:b0:98:e4:c1:e2:ce:c5:f1:d2:
        96:9a:20:e6:58:da:d8:dc:ca:2e:f4:90:13:89:0e:ac:1b:41:
        4c:70:11:0d:f2:d6:db:ce:f4:51:64:7b:f9:cd:80:71:20:c6:
        95:25:60:20:bd:02:c6:48:1c:d5:27:ef:2a:b1:e0:f9:70:38:
        30:47:29:12:a0:85:4e:86:0c:3e:f7:4b:a9:8c:ca:15:ca:ec:
        32:87:54:3f:c3:ed:b3:a1:dc:9e:e0:ab:c3:de:d6:d3:47:bd:
        de:b7:e1:fd:9a:fe:89:7a:0b:45:02:a5:0f:f2:fc:6a:6a:7f:
        0e:07:c7:05:12:3a:23:d3:36:ae:c1:71:d9:66:a3:49:c4:63:
        e0:70:7d:10:f7:8b:9c:50:49:da:b4:41:a6:11:b1:b6:21:ab:
        99:12:67:58:e4:b9:8d:ef:c7:2a:2c:0f:7e:57:de:cb:7c:ba:
        54:b9:12:40:12:88:f0:cd:29:02:8b:85:fe:0a:7c:22:66:7b:
        59:76:8c:a3:5d:93:55:cb
[lookback@lookbackdeMacBook-Pro ~]$ cat dwhd.org.csr 
-----BEGIN CERTIFICATE REQUEST-----
MIIE6jCCAtICAQAwgaQxJjAkBgkqhkiG9w0BCQEWF2R0Lm9wcy5iZW55b29AZ21h
aWwuY29tMQswCQYDVQQGEwJDTjERMA8GA1UECBMIU2hhbmdIYWkxDzANBgNVBAcT
BlB1RG9uZzEcMBoGA1UEChMTUFJJTUUgUmVzZWFyY2ggQXNpYTEWMBQGA1UECxMN
SVQgRGVwYXJ0bWVudDETMBEGA1UEAxQKKi5kd2hkLm9yZzCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBANNecEmgqy4Rg3G6GxMvAcUPZWVJ/VvrYHLPidvz
7iBpIGYotDFQwMt6LI4XwY59GAWCQhvhNne74qYt7xDNPv1DmD/O7LhfXAUDUu9y
HEm1jU9rwI8CuQ9zkJAxE685BPkPZHIOiQzzXicUa6ZWOiM9vSxMv0Ox+uEgv/dt
U/oIutUCLuXIvRqqdp+bA8DBcOgJFUTmgWHx1U4S56afmvzLN2bbUGbEmE/XPAS9
N2lon+YyCfrA0ZIsVrw73G92wtFWpz77HSc/0xhxRwNLtLYgXgG+sbXNhjyRczTF
4l/LGCISEBBGRh9d8aVTs7G0VCDGuLp5udTbK+M1bMajRpAQ2g+DnnpmDqe2H1iB
OVJ8cU4BTCADTrNASXztZSmkCxWfa41NXXuravR+zZg+gg+pWHfz58dW8kHQi7j/
OTVcEqL5vKNDOsoVDsp0809BhuHU8LaDDZnt2y1s6TK/DoAMPmSprfQjHqBzIzq2
uvJ1XvqwNxCfldw4pConErptHv5BDSgRG6OCSp8qsnoPIxj0vouzn0va1NnpLR+C
Tg3yr8bORwvdJTfqZK56Q1d2jUVfHDvpsX6YcSABoZM0rW7y6q/NkBmZO63MT1bw
E4lqXrmVE/3w2mUXEg3wFUHyPAOlfoFAjv0ylcOLGxP8dQWkl8/C9q+L9MHdjF6g
Wk0dAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEApRqUS9uTnutLywhUYcXFBPio
LPhI0ztGlsyYeTdLjrXWkWbQOv38Qe2nKSiy1t965leM+6q+c+VypUrFmHiCen+f
g64+Kd6gKfbkRn6VeFmnoEfqQafefixfbrMusyfpMsj54zigx8NEnXA/7+wCFxMw
2qPDYAvYMi95yLw5QHHnWBOcDaJtf+ahIfYxsquwLkEQ6O2mkB9xaYrKqSYus+Nb
bI7M3p/RdO7gi7Ua+niS81sP4DI+ZlK52d+YzLBdb+HzPWhXUHF0Phi2CRN+cvFB
blTv9SoLsU3CIM0RxJmHFNJjJbbtsL6fmv8qptpNdy9XhQsQyflS4QpCY0WBS8JQ
T1ZJZ32aN6XU6OMip1vH78HC2CwUy/nZs8Rd7kjG9bDNDdN176/c/iZtGU83gP6f
9HDFtwg34IxasJjkweLOxfHSlpog5lja2NzKLvSQE4kOrBtBTHARDfLW2870UWR7
+c2AcSDGlSVgIL0Cxkgc1SfvKrHg+XA4MEcpEqCFToYMPvdLqYzKFcrsModUP8Pt
s6HcnuCrw97W00e93rfh/Zr+iXoLRQKlD/L8amp/DgfHBRI6I9M2rsFx2WajScRj
4HB9EPeLnFBJ2rRBphGxtiGrmRJnWOS5je/HKiwPflfey3y6VLkSQBKI8M0pAouF
/gp8ImZ7WXaMo12TVcs=
-----END CERTIFICATE REQUEST-----
[lookback@lookbackdeMacBook-Pro ~]$ 

签发免费 SSL 泛域名证书
签发免费 SSL 泛域名证书

生成 CSR 时会要求填入以下信息:

Country Name (2 letter code) [CN]: #输入国家代码,中国填 CN 美国填 US

State or Province Name (full name) [Some-State]: #输入省份

Locality Name (eg, city) []: #输入城市

Organization Name (eg, company) [Internet Widgits Pty Ltd]: #输入组织机构(例如公司名)

Organizational Unit Name (eg, section) []: #输入机构部门(例如公司某部门)

Common Name (e.g. server FQDN or YOUR name) []: #输入域名(例如 「dwhd.org」,如果要签发泛域名证书,这里填写 「*.dwhd.org」)

Email Address []: #你的邮箱

---

A challenge password []: #证书密码,不设置密码请直接回车,建议直接回车

An optional company name []: #额外的公司名称,可直接回车  

签发免费 SSL 泛域名证书

然后当前目录会生成以下两个文件:

  • dwhd.org.key
  • dwhd.org.csr

b. 签发证书

打开 https://assl.loovit.net 粘贴 dwhd.org.csr 内容至 Paste your CSR below: 栏,Email Address:栏填入你的邮箱,点下一步

签发免费 SSL 泛域名证书

然后点击确定

签发免费 SSL 泛域名证书

然后稍等几分钟,选择验证邮箱地址:

签发免费 SSL 泛域名证书

然后前往域名邮箱收取邮件,点击邮件中链接,点击 I Approve

签发免费 SSL 泛域名证书 签发免费 SSL 泛域名证书

签发免费 SSL 泛域名证书

 

签发免费 SSL 泛域名证书

签发免费 SSL 泛域名证书

之后,你的邮箱会收到一封标题类似「CEDX1701170372: Your SSL Certificate for *.dwhd.org has been issued」的邮件,邮件最下方为您的证书,将它和以下内容合并,并保存为 dwhd.org.crt 文件:

签发免费 SSL 泛域名证书

-----BEGIN CERTIFICATE-----
邮件最下方内容
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIETTCCAzWgAwIBAgILBAAAAAABRE7wNjEwDQYJKoZIhvcNAQELBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNDAyMjAxMDAw
MDBaFw0yNDAyMjAxMDAwMDBaMEwxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMSIwIAYDVQQDExlBbHBoYVNTTCBDQSAtIFNIQTI1NiAtIEcy
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2gHs5OxzYPt+j2q3xhfj
kmQy1KwA2aIPue3ua4qGypJn2XTXXUcCPI9A1p5tFM3D2ik5pw8FCmiiZhoexLKL
dljlq10dj0CzOYvvHoN9ItDjqQAu7FPPYhmFRChMwCfLew7sEGQAEKQFzKByvkFs
MVtI5LHsuSPrVU3QfWJKpbSlpFmFxSWRpv6mCZ8GEG2PgQxkQF5zAJrgLmWYVBAA
cJjI4e00X9icxw3A1iNZRfz+VXqG7pRgIvGu0eZVRvaZxRsIdF+ssGSEj4k4HKGn
kCFPAm694GFn1PhChw8K98kEbSqpL+9Cpd/do1PbmB6B+Zpye1reTz5/olig4het
ZwIDAQABo4IBIzCCAR8wDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C
AQAwHQYDVR0OBBYEFPXN1TwIUPlqTzq3l9pWg+Zp0mj3MEUGA1UdIAQ+MDwwOgYE
VR0gADAyMDAGCCsGAQUFBwIBFiRodHRwczovL3d3dy5hbHBoYXNzbC5jb20vcmVw
b3NpdG9yeS8wMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5nbG9iYWxzaWdu
Lm5ldC9yb290LmNybDA9BggrBgEFBQcBAQQxMC8wLQYIKwYBBQUHMAGGIWh0dHA6
Ly9vY3NwLmdsb2JhbHNpZ24uY29tL3Jvb3RyMTAfBgNVHSMEGDAWgBRge2YaRQ2X
yolQL30EzTSo//z9SzANBgkqhkiG9w0BAQsFAAOCAQEAYEBoFkfnFo3bXKFWKsv0
XJuwHqJL9csCP/gLofKnQtS3TOvjZoDzJUN4LhsXVgdSGMvRqOzm+3M+pGKMgLTS
xRJzo9P6Aji+Yz2EuJnB8br3n8NA0VgYU8Fi3a8YQn80TsVD1XGwMADH45CuP1eG
l87qDBKOInDjZqdUfy4oy9RU0LMeYmcI+Sfhy+NmuCQbiWqJRGXy2UzSWByMTsCV
odTvZy84IOgu/5ZR8LrYPZJwR2UcnnNytGAMXOLRc3bgr07i5TelRS+KIz6HxzDm
MTh89N1SyvNTBCVXVmaU6Avu5gMUTu79bZRknl7OedSyps9AsUSoPocZXun4IRZZ
Uw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
-----END CERTIFICATE-----

这样您的域名 SSL 证书就已经签发好了。

ssl_certificate /usr/local/nginx/conf/ssl/dwhd.org.crt;#Nginx配置的ssl证书
ssl_certificate_key /usr/local/nginx/conf/ssl/dwhd.org.key;#Nginx配置的ssl私钥
lookback

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: