科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>ssl - unable to create local CA signed certificate using openssl -- command generates self signed certificate - Stack Overflow

    ssl - unable to create local CA signed certificate using openssl -- command generates self signed certificate - Stack Overflow

    programmeradmin3浏览0评论

    Below are the commands

    openssl genrsa -out rootCA.key 4096
penssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1825 -out rootCA.pem -config opensslf
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr -config opensslf
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 825 -sha256

    The last command generates the csr but it is self signed. Verify using openssl verify -CAfile rootCA.pem server.crt results in

    (venv) chuwi% openssl verify -CAfile rootCA.pem server.crt                                      
C = IN, ST = KARNATAKA, L = BENGALURU, O = Monallabs, OU = Cloudworks, CN = monallabs.in
error 29 at 1 depth lookup:subject issuer mismatch
C = IN, ST = KARNATAKA, L = BENGALURU, O = Monallabs, OU = Cloudworks, CN = monallabs.in
error 29 at 1 depth lookup:subject issuer mismatch
C = IN, ST = KARNATAKA, L = BENGALURU, O = Monallabs, OU = Cloudworks, CN = monallabs.in
error 29 at 1 depth lookup:subject issuer mismatch
server.crt: verification failed: 29 (subject issuer mismatch)

    Not really sure whats going wrong here. In fact the server.crt is self signed:

    openssl verify -CAfile server.crt server.crt 
server.crt: OK
    继续浏览有关 的文章

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论