[英]Why do I have to create a certificate request (CSR) from the private key?
I am trying to create a Certificate Request (CSR) from the below method where I need to give the private key, my understanding is that CSR needs/contains only the public key information with the other details about the requestor like Company Name, etc. But if extract the public key and pass while creating the CSR it throws the below error, So I am wondering why it requires a private key , although I understand private key contains the public key as well , Is it just because the public key is trusted when it's with the private key in the form of key-pair or something else ? 我正在尝试通过以下方法创建证书请求(CSR),在该方法中我需要提供私钥,我的理解是CSR仅需要/包含公钥信息以及有关请求者的其他详细信息,例如公司名称等。但是如果提取公钥并在创建CSR时通过它会引发以下错误,所以我想知道为什么它需要私钥,尽管我知道私钥也包含公钥,这仅仅是因为公钥受信任吗?当它与密钥对或其他形式的私钥一起使用时?
openssl genrsa -out ~/domain.com.ssl/domain.com.key 2048
openssl req -new -sha256 -key ~/domain.com.ssl/domain.com.key -out ~/domain.com.ssl/domain.com.csr
Trying to generate using public key: 尝试使用公钥生成:
openssl rsa -in domain.com.key.pem -pubout domain.publickey
openssl req -new -sha256 -key domain.publickey -out cert.csr
unable to load Private Key
140258108909384:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY
The whole point of the certificate is to establish a relationship between the private key and you as the identity in the certificate. 证书的重点是在私钥和您之间建立一种关系,作为证书中的身份。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.