2011-07-11 55 views
2

我想爲我的本地開發服務器擁有一個自簽名SSL證書。我在下面,你發出命令簽署通過發出以下命令在證書上https://help.ubuntu.com/community/OpenSSL,並在最後一步的指導:openssl:'policy'配置中的無效類型

openssl ca -in tempreq.pem -out server_crt.pem 

我收到以下錯誤:(最後一行)

Using configuration from /home/user_name/.ssl/caconfig.cnf 
Enter pass phrase for /home/user_name/.ssl/private/cakey.pem: 
Check that the request matches the signature 
Signature ok 
The Subject's Distinguished Name is as follows 
commonName   :PRINTABLE:'localhost' 
stateOrProvinceName :PRINTABLE:'AA' 
countryName   :PRINTABLE:'ET' 
emailAddress   :IA5STRING:'[email protected]' 
organizationName  :PRINTABLE:'Example Inc' 
organizationalUnitName:PRINTABLE:'Development' 
localhost:invalid type in 'policy' configuration 

我能做些什麼來解決它?只是作爲背景,我的服務器沒有域名,所以我只是使用localhost作爲commanName。這是問題嗎?

感謝您的幫助。

回答

6
  1. 複製從/etc/ssl/openssl.cnf文件的政策,您的配置文件

  2. 從開始

  3. 政策部分重建所有的文件就像下面:

 
    policy   = policy_match 

    # For the CA policy 
    [ policy_match ] 
    countryName    = match 
    stateOrProvinceName  = match 
    organizationName  = match 
    organizationalUnitName = optional 
    commonName    = supplied 
    emailAddress   = optional 

    # For the 'anything' policy 
    # At this point in time, you must list all acceptable 'object' 
    # types. 
    [ policy_anything ] 
    countryName    = optional 
    stateOrProvinceName  = optional 
    localityName   = optional 
    organizationName  = optional 
    organizationalUnitName = optional 
    commonName    = supplied 
    emailAddress   = optional