ssl 生成自签名证书时,配置文件“v3.ext”的第1行出错

mmvthczy  于 2023-05-07  发布在  其他
关注(0)|答案(2)|浏览(129)

我试图创建一个自签名的SSL证书,当我去生成SSL证书,我得到了以下错误:
配置文件“v3.ext”的第1行出现错误
我用来生成证书的命令是:

openssl x509 -req -sha256 -extfile v3.ext -days 365 -in server.csr -signkey server.key -out server.crt

我的v3.ext文件如下:

$ cat v3.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
 
[alt_names]
DNS.1 = <common_name>
$

所以我想我的问题是我的v3.ext有什么问题。我遵循的指南在这里:https://ksearch.wordpress.com/2017/08/22/generate-and-import-a-self-signed-ssl-certificate-on-mac-osx-sierra/

erhoui1w

erhoui1w1#

从ext文件中删除前导BOM表。您可以使用Notepad++将编码更改为UTF-8,并将其保存为不带BOM表。

bcs8qyzn

bcs8qyzn2#

你的配置文件看起来很奇怪。我一直使用的自签名或pki签名证书的格式沿着:

[ req ]
default_bits       = 4096
distinguished_name = req_distinguished_name
req_extensions     = req_ext

[ req_distinguished_name ]
countryName                 = Country Name (2 letter code)
countryName_default         = GB
stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = England
localityName                = Locality Name (eg, city)
localityName_default        = Brighton
organizationName            = Organization Name (eg, company)
organizationName_default    = Hallmarkdesign
commonName                  = Common Name (e.g. server FQDN or YOUR name)
commonName_max              = 64
commonName_default          = localhost

[ req_ext ]
subjectAltName = @alt_names

[alt_names]
DNS.1   = your-website.dev
DNS.2   = another-website.dev

相关问题