0
我嘗試和失敗,以創建一個自簽名證書。我想要實現的是在我的手機上測試webworker的網頁,爲此我需要https。但暫時我試圖在我的電腦本地運行它。無效的自簽名證書
我在Windows上使用OpenSSL的(我使用V1.1.0版本光從here)。
我在我的機器上安裝CA證書,我與服務瀏覽器的同步HTTPS選項提供的證書和密鑰的頁面。我越來越
錯誤是NET :: ERR_CERT_INVALID。什麼可能是無效部分?
命令我運行:
openssl genrsa -des3 -out CA.key 2048
openssl req -x509 -new -nodes -key CA.key -sha256 -days 182 -out CA.pem -config ca.cfg
openssl x509 -outform der -in CA.pem -out CA.crt
openssl genrsa -out dev.key 2048
openssl req -new -key dev.key -out dev.csr -config dev.cfg
openssl x509 -req -in dev.csr -CA CA.pem -CAkey CA.key -CAcreateserial -out dev.crt -days 1825 -sha256 -extfile dev.ext
openssl pkcs12 -export -in dev.crt -inkey dev.key -out dev.p12
CA.cfg:
[ req ]
default_bits = 2048
default_keyfile = server-key.pem
distinguished_name = subject
req_extensions = req_ext
x509_extensions = x509_ext
string_mask = utf8only
[ subject ]
countryName = Country Name (2 letter code)
countryName_default = PL
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = PL
localityName = Locality Name (eg, city)
localityName_default = PL
organizationName = Organization Name (eg, company)
organizationName_default = Example Organization
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = Example Division
emailAddress = Email Address
emailAddress_default = [email protected]
[ x509_ext ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
[ req_ext ]
subjectKeyIdentifier = hash
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
[ alternate_names ]
DNS.1 = 192.168.0.17
dev.cfg
[ req ]
default_bits = 2048
default_keyfile = server-key.pem
distinguished_name = subject
req_extensions = req_ext
x509_extensions = x509_ext
string_mask = utf8only
[ subject ]
countryName = Country Name (2 letter code)
countryName_default = PL
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = PL
localityName = Locality Name (eg, city)
localityName_default = PL
organizationName = Organization Name (eg, company)
organizationName_default = Example Organization
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = Example Division
emailAddress = Email Address
emailAddress_default = [email protected]
[ x509_ext ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
[ req_ext ]
subjectKeyIdentifier = hash
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
[ alternate_names ]
DNS.1 = 192.168.0.17
dev.ext:
authorityKeyIdentifier=keyid,issuer
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = 192.168.0.17
擾得桌面或移動的錯誤? –
'DNS.1 = 192.168.0.17' - IP地址不是主機名。改用'IP.1'。而且我也沒有看到你使用有用的CN。除此之外,您還不清楚您打算如何使用證書,即訪問服務器時使用的URL是什麼? –
我已更改爲IP.1,謝謝。可悲的是,我仍然遇到'無效'錯誤。通過https://192.168.0.17:3000訪問頁面時,我在桌面上收到此錯誤。 – Tadeusz