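I'm a novice. My goal is to create a CSR for my Cisco firewall. Since I need to add an EKU, which the Cisco CSR does not support, I was advised to use OpenSSL. The second requirement is to use multiple SANs.
I don't know how to do this, or where the key should be generated (Cisco or OpenSSL). I have OpenSSL installed on both Linux and macOS. Could someone give me step-by-step guidance to help me achieve this?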
For SAN and EKU in OpenSSL:
openssl genrsa -out key.pem 2048
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = BE
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Brussels
localityName = Locality Name (eg, city)
localityName_default = Brussels
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = san.domain1.com
DNS.2 = san.domain2.com
Create the CSR: openssl req -new -key key.pem -out cisco_fw.csr -config cisco_fw_csr_config.cnf
If you need to check the CSR contents: openssl req -in cisco_fw.csr -noout -text
openssl req -new -batch -key key.pem -out cisco_fw.csr -config cisco_fw_csr_config.cnf
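The steps from the answer above as one non-interactive script that also confirms the EKU and both SANs made it into the request before it goes to the CA. This is an added example, not part of the original answer: the function names are hypothetical, the config is the answer's with the unused prompts omitted, and `commonName_default` is an assumed addition so that `-batch` produces a CN.

```shell
#!/bin/sh
# Added example: file names and SAN values follow the answer above.

# Generate the private key and the CSR in directory $1 without prompting.
make_csr() (
  cd "$1" || exit 1
  umask 077   # files created here, including key.pem, are owner-only
  openssl genrsa -out key.pem 2048 2>/dev/null || exit 1
  cat > cisco_fw_csr_config.cnf <<'EOF'
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = BE
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Brussels
localityName = Locality Name (eg, city)
localityName_default = Brussels
commonName = Common Name (eg, YOUR name)
# Assumption, not in the answer: default CN used by -batch
commonName_default = san.domain1.com
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = san.domain1.com
DNS.2 = san.domain2.com
EOF
  openssl req -new -batch -key key.pem -out cisco_fw.csr \
    -config cisco_fw_csr_config.cnf
)

# Return 0 only if the CSR's self-signature verifies and the request
# carries the serverAuth EKU plus both SAN entries.
check_csr() {
  openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
  csr_text=$(openssl req -in "$1" -noout -text) || return 1
  printf '%s\n' "$csr_text" | grep -qF 'TLS Web Server Authentication' || return 1
  printf '%s\n' "$csr_text" | grep -qF 'DNS:san.domain1.com' || return 1
  printf '%s\n' "$csr_text" | grep -qF 'DNS:san.domain2.com' || return 1
}

workdir=$(mktemp -d)
make_csr "$workdir" && check_csr "$workdir/cisco_fw.csr" \
  && echo "CSR OK: $workdir/cisco_fw.csr"
```

Run this way, key.pem is generated on the OpenSSL host, so the key and the certificate the CA issues have to be imported into the firewall together afterwards.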