1. 首頁
  2. 問答
  3. 無效的自簽名證書

無效的自簽名證書

2017-10-14 121 views
0

我嘗試和失敗,以創建一個自簽名證書。我想要實現的是在我的手機上測試webworker的網頁,爲此我需要https。但暫時我試圖在我的電腦本地運行它。無效的自簽名證書

我在Windows上使用OpenSSL的(我使用V1.1.0版本光從here)。

我在我的機器上安裝CA證書,我與服務瀏覽器的同步HTTPS選項提供的證書和密鑰的頁面。我越來越

錯誤是NET :: ERR_CERT_INVALID。什麼可能是無效部分?

命令我運行:

openssl genrsa -des3 -out CA.key 2048 
openssl req -x509 -new -nodes -key CA.key -sha256 -days 182 -out CA.pem -config ca.cfg 
openssl x509 -outform der -in CA.pem -out CA.crt 
openssl genrsa -out dev.key 2048 
openssl req -new -key dev.key -out dev.csr -config dev.cfg 
openssl x509 -req -in dev.csr -CA CA.pem -CAkey CA.key -CAcreateserial -out dev.crt -days 1825 -sha256 -extfile dev.ext 
openssl pkcs12 -export -in dev.crt -inkey dev.key -out dev.p12

CA.cfg:

[ req ] 

default_bits  = 2048 
default_keyfile  = server-key.pem 
distinguished_name = subject 
req_extensions  = req_ext 
x509_extensions  = x509_ext 
string_mask   = utf8only 

[ subject ] 

countryName     = Country Name (2 letter code) 
countryName_default   = PL 

stateOrProvinceName   = State or Province Name (full name) 
stateOrProvinceName_default = PL 

localityName    = Locality Name (eg, city) 
localityName_default  = PL 

organizationName   = Organization Name (eg, company) 
organizationName_default = Example Organization 

commonName     = Common Name (e.g. server FQDN or YOUR name) 
commonName_default   = Example Division 

emailAddress    = Email Address 
emailAddress_default  = [email protected] 

[ x509_ext ] 

subjectKeyIdentifier = hash 
authorityKeyIdentifier = keyid,issuer 

keyUsage    = digitalSignature, keyEncipherment 
subjectAltName   = @alternate_names 

[ req_ext ] 

subjectKeyIdentifier = hash 

keyUsage    = digitalSignature, keyEncipherment 
subjectAltName  = @alternate_names 

[ alternate_names ] 

DNS.1  = 192.168.0.17

dev.cfg

[ req ] 

default_bits  = 2048 
default_keyfile  = server-key.pem 
distinguished_name = subject 
req_extensions  = req_ext 
x509_extensions  = x509_ext 
string_mask   = utf8only 

[ subject ] 

countryName     = Country Name (2 letter code) 
countryName_default   = PL 

stateOrProvinceName   = State or Province Name (full name) 
stateOrProvinceName_default = PL 

localityName    = Locality Name (eg, city) 
localityName_default  = PL 

organizationName   = Organization Name (eg, company) 
organizationName_default = Example Organization 

commonName     = Common Name (e.g. server FQDN or YOUR name) 
commonName_default   = Example Division 

emailAddress    = Email Address 
emailAddress_default  = [email protected] 

[ x509_ext ] 

subjectKeyIdentifier = hash 
authorityKeyIdentifier = keyid,issuer 

keyUsage    = digitalSignature, keyEncipherment 
subjectAltName   = @alternate_names 

[ req_ext ] 

subjectKeyIdentifier = hash 

keyUsage    = digitalSignature, keyEncipherment 
subjectAltName  = @alternate_names 

[ alternate_names ] 

DNS.1  = 192.168.0.17

dev.ext:

authorityKeyIdentifier=keyid,issuer 
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment 
subjectAltName = @alt_names 

[alt_names] 
DNS.1 = 192.168.0.17

來源

2017-10-14 Tadeusz

+0

擾得桌面或移動的錯誤? –

+0

'DNS.1 = 192.168.0.17' - IP地址不是主機名。改用'IP.1'。而且我也沒有看到你使用有用的CN。除此之外,您還不清楚您打算如何使用證書,即訪問服務器時使用的URL是什麼? –

+0

我已更改爲IP.1,謝謝。可悲的是,我仍然遇到'無效'錯誤。通過https://192.168.0.17:3000訪問頁面時,我在桌面上收到此錯誤。 – Tadeusz

回答

0

看來我已經失去了希望快速發佈這個問題。 我找到了this解決方案。

提供了兩個DNS(本地主機)和IP(如192.168.0.17)的作品在Windows機器上。

來源

2017-10-14 23:00:00 Tadeusz

相關問題

 相關問題