Problem description
I need an SSL cert for a web site, but the CA did not accept my CSR and told me that it is the SHA1 algorithm and that I should send a SHA2-based CSR file. How can I create a SHA2 CSR file for an IIS web site on Windows 2012R2?
Recommended answer
I had the same problem and this helped me: http://day.ir/en-us/articles/ssl/create-csr-sha2-algorithm
SHA2 CSR
* Run > MMC > File > Add/Remove Snap-in... > Certificates > Add
* Select Certificates from the left panel and click the Add button
* Click the Add button; the Certificate Snap-in window will pop up. Select Computer account > Next
* In the Select Computer window, select Local computer (the computer this console is running on) > Finish
* In the Add or Remove Snap-ins window, select the added Certificates snap-in and press OK
* Under Console Root, select Personal > Certificates (right click) > All Tasks > Advanced Operations > Create custom request.
* Select Proceed without enrollment policy on the Select Certificate Enrollment Policy page > Next
* In the Custom request window, select (No template) CNG key and PKCS #10 format, then select Next
* On the Certificate Information page, select Details to expand the box
* After clicking Details, Properties will appear; select it.
* In Certificate Properties > General tab, for the friendly name add the domain you need SSL for; for example, if you are creating a CSR for www.day.ir, type this in Description and Friendly name.
* Common name: CN is your domain name
* In the Private Key tab, select Key options and change Key size to 2048 or bigger. Under Select Hash Algorithm, change Hash Algorithm to sha256, then click OK and Next. Selecting Make private key exportable will help to back up the installed certificate in future, for a move to a new server or any problem.
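The same request can be produced without the MMC wizard and then checked before it goes to the CA. This is an added example, not part of the original answer: it uses `certreq` with an INF file mirroring the settings above (CNG provider, 2048-bit RSA, sha256, exportable key, machine store) and `certutil -dump` to confirm the signature algorithm. The domain `www.example.com` and the working folder are placeholder assumptions; run it from an elevated PowerShell prompt.

```powershell
# Added example: create a SHA-256 CSR with certreq, then verify how it is signed.
$cn      = 'www.example.com'                      # placeholder domain (assumption)
$workDir = Join-Path $env:TEMP 'csr-sha256'       # placeholder folder (assumption)
$inf     = Join-Path $workDir 'request.inf'
$csr     = Join-Path $workDir 'request.csr'
New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# Single-quoted here-string so PowerShell does not expand "$Windows NT$".
$template = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=__CN__"
FriendlyName = "__CN__"
KeyAlgorithm = RSA
KeyLength = 2048
HashAlgorithm = sha256
ProviderName = "Microsoft Software Key Storage Provider"
MachineKeySet = TRUE
Exportable = TRUE
RequestType = PKCS10
'@
$template.Replace('__CN__', $cn) | Set-Content -Path $inf -Encoding ASCII

# Start from a clean output file, then generate the key pair and the request.
if (Test-Path $csr) { Remove-Item $csr }
certreq.exe -new $inf $csr
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Decode the request. 1.2.840.113549.1.1.11 is sha256WithRSAEncryption
# (shown by certutil as sha256RSA); 1.2.840.113549.1.1.5 would be sha1RSA.
$dump = certutil.exe -dump $csr
if ($dump -match '1\.2\.840\.113549\.1\.1\.11\b') {
    Write-Output "OK: $csr is signed with sha256RSA"
} else {
    throw "CSR is not signed with sha256RSA; regenerate it before sending it to the CA"
}
```

The private key stays on the server where the request was created, so the certificate issued by the CA has to be installed on that same machine (for example with `certreq -accept`) before it can be bound in IIS.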