Google chrome - 不打开 link ERR_CERT_COMMON_NAME_INVALID
Google chrome - does not open the link ERR_CERT_COMMON_NAME_INVALID
在 Google chrome 我不断得到 ERR_CERT_COMMON_NAME_INVALID。
已创建证书:
C:\OpenSSL-Win..\bin>openssl genrsa -aes256 -out private.key 2048
C:\OpenSSL-Win..\bin>openssl rsa -in private.key -out private.key
C:\OpenSSL-Win..\bin>openssl req -new -x509 -sha1 -key private.key -out certificate.crt -days 36500 -config C:\OpenSSL-Win..\bin\openssl.cfg
怎么了?为什么得到 ERR_CERT_COMMON_NAME_INVALID?
它有效。
第 1 步
A)
# openssl genrsa -out server_rootCA.key 2048
# openssl req -x509 -new -nodes -key server_rootCA.key -sha256 -days 3650 -out server_rootCA.pem
B)
# cat server_rootCA.csr.cnf
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn
[dn]
C=BE
ST=oost-vlaanderen
L=Whosebug
O=Whosebug
OU=local_RootCA
emailAddress=helpdesk@whosebug.com
CN = localhost
# cat v3.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
C)
# openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server_rootCA.csr.cnf )
# openssl x509 -req -in server.csr -CA server_rootCA.pem -CAkey server_rootCA.key -CAcreateserial -out server.crt -days 3650 -sha256 -extfile v3.ext
第 2 步
在 Apache 中使用
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
第 3 步:
- 将 PEM 添加到浏览器
- Chromium -> 设置 ->(高级)管理证书 -> 导入 -> 'server_rootCA.pem'
在 Google chrome 我不断得到 ERR_CERT_COMMON_NAME_INVALID。
已创建证书:
C:\OpenSSL-Win..\bin>openssl genrsa -aes256 -out private.key 2048
C:\OpenSSL-Win..\bin>openssl rsa -in private.key -out private.key
C:\OpenSSL-Win..\bin>openssl req -new -x509 -sha1 -key private.key -out certificate.crt -days 36500 -config C:\OpenSSL-Win..\bin\openssl.cfg
怎么了?为什么得到 ERR_CERT_COMMON_NAME_INVALID?
它有效。
第 1 步
A)
# openssl genrsa -out server_rootCA.key 2048
# openssl req -x509 -new -nodes -key server_rootCA.key -sha256 -days 3650 -out server_rootCA.pem
B)
# cat server_rootCA.csr.cnf
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn
[dn]
C=BE
ST=oost-vlaanderen
L=Whosebug
O=Whosebug
OU=local_RootCA
emailAddress=helpdesk@whosebug.com
CN = localhost
# cat v3.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
C)
# openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server_rootCA.csr.cnf )
# openssl x509 -req -in server.csr -CA server_rootCA.pem -CAkey server_rootCA.key -CAcreateserial -out server.crt -days 3650 -sha256 -extfile v3.ext
第 2 步
在 Apache 中使用
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
第 3 步:
- 将 PEM 添加到浏览器
- Chromium -> 设置 ->(高级)管理证书 -> 导入 -> 'server_rootCA.pem'