我正在尝试连接两个使用 openssl 生成的有效自签名 CA pem 文件,以便在 Firefox(客户端)中导入单个 CA 文件,使用以下命令:
cat CA_file0.pem CA_file1.pem > CA_combination.pem
让 CA_file1.pem 对应于https://my_first_url.com(第一个 Apache 服务器),CA_file2.pem 对应于https://my_second_url.com(第二个 Apache 服务器)。
不幸的是,当我在 Firefox 中导入 CA_combination.pem 时,第二个证书 (CA_file2.pem) 被忽略,并且与第二个 URL 的连接显示为不受信任。请注意:
a)我已经在服务器端安装了适当的 openssl 文件
b) 当我单独导入 ca_file*.pem 文件时,Firefox 建立了信任连接。
(新的信息)
c) 打印连接文件的内容,我看到以下字符串,其中包括每行末尾的“\n”字符:
'-----开始证书-----\nMIID3TCCAsWgAwIBAgIJANqUJ4kzYi5zMA0GCSqGSIb3DQEBBQUAMIGEMQswCQYD\nVQQGEwJHUjEPMA0GA1UECAwGR3JlZWNlMQ8wDQYDVQQHDAZQYXRyYXMxDzANBgNV\nBAoMBkNpdHJpeDETMBEGA1UE CwwKQnl0ZW1vYmlsZTENMAsGA1UEAwwEQ1NSVjEe\nMBwGCSqGSIb3DQEJARYPY3NydkBjaXRyaXguY29tMB4XDTEzMDkxMTEyNTg1NloX\nDTE2MDcwMTEyNTg1NlowgYQxCzAJBgNVBAYTAkdSMQ8wDQYDVQQIDAZHcmVlY2Ux\n DzANBgNVBAcMBlBhdHJhczEPMA0GA1UECgwGQ2l0cml4MRMwEQYDVQQLDApCeXRl\nbW9iaWxlMQ0wCwYDVQQDDARDU1JWMR4wHAYJKoZIhvcNAQkBFg9jc3J2QGNpdHJp\neC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwgg EKAoIBAQC/PAbpqGwp6mqo\nl4caHP+lfml5nfQZCVH5pGaPymrg2zLkl1/UoCZ0DGqad+51s3ejqH3HEh+fK0vc\n8J0+8GJx3NCIcqbgL4iFn/4RNFG7ogoV0swpNdcoySIyxUt0JUbtD7TkUDvYOOIt\nr4Sl/+1mzDgzvTONSM ObAALSiajuLtj9YB2GL6CKTRgI+Oiw60htrSEj1MOWkjvY\nQkqwK9w36+QWZqxejoukqqOIWo8Nlphg22wWZgyM2RX5TQtr1yefUQdTnAVD0oh6\nIJBgv717S4SO6xKe6J5LsUKi6EAdJhl+188FlUcBifQz9C3iv7vpa2w2DGDU XVde\niKOX2wZ3AgMBAAGjUDBOMB0GA1UdDgQWBBRb1laXroXVRnmsXSDSJnd0v3VJujAf\nBgNVHSMEGDAWgBRb1laXroXVRnmsXSDSJnd0v3VJujAMBgNVHRMEBTADAQH/MA0G\nCSqGSIb3DQEBBQUAA4IBAQAR4IBqrBg9EMu5 UXiF9a3NjZhVVeUhIh+C2JLhY9Mh\nc6iz6drdULRwIRiBxjE9W/BpD6dw4VT125RwQrSY/gaUkSMjdgMkFUJV7m0AjqUg\n6INLZS7AU6aBc7Wu0yl/HHTA+3JkJY2aFbmb8LZOIAef7XnWLZsAOcXwRMexb7XM\nyYMVd8WYFeO/ EexubNkYGBK9y4Spg8jhX+M5SaHVnbQJ3/A4L9wdNzpuP4DItnJf\nBR7dds3CbeJi26lVLW94/mhzDpHkK2wVf7Z8WI3D67RBzaiRugxoT/Vx4pnPm/7y\n5N0NDWvopP8Zid08IkVAf7a6X7WcGaBo7MX64ctyBN/V\n-----证书结束-----\n-----开始证书-----\nMIID3TCCAsWgAwIBAgIJAKjZyxoQM+BVMA0GCSqGSIb3DQEBBQUAMIGEMQswCQYD\nVQQGEwJHUjEPMA0GA1UECAwGR3JlZWNlMQ8wDQYDVQQHDAZQYXRyYXMxDzANBgNV\nBAoMBkNpdHJpeDETMBEGA1UE CwwKQnl0ZW1vYmlsZTENMAsGA1UEAwwEQ1NSVjEe\nMBwGCSqGSIb3DQEJARYPY3NydkBjaXRyaXguY29tMB4XDTEzMDkxNjA4NTE0MFoX\nDTE2MDcwNjA4NTE0MFowgYQxCzAJBgNVBAYTAkdSMQ8wDQYDVQQIDAZHcmVlY2Ux\n DzANBgNVBAcMBlBhdHJhczEPMA0GA1UECgwGQ2l0cml4MRMwEQYDVQQLDApCeXRl\nbW9iaWxlMQ0wCwYDVQQDDARDU1JWMR4wHAYJKoZIhvcNAQkBFg9jc3J2QGNpdHJp\neC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwgg EKAoIBAQDqYz3uhNWNrbPQ\nPQ/uIhbpHhGPhN/EkmAZiLhptWfhi3PUVxegoayZabmEbckV8jT/DLoI1cmlw71Q\naPlQw5LT7zuekRpSMo2+8OWjzD098ngxAen7B7g7REuOmMA4zprgCMkSI5Vz1QwX\nEQwEuJCHWQ/6TbFoh1 qHJw1tGoGCa7QLYhk6SlsnAryJUj79d1xlOvnMFNZI9dEL\ns47FoG3BsCzcFBIW1om7UfpGB/s17JUvRrToouN3HimwTwoqMqAfPNN+j7ol+KVe\nLa2LoFhWrnoQ/HAmTh82MvbYI405c5lKGXqtWO2AT+f1q232vcdUA75JvzEX Ymkb\nLr+BfaSZAgMBAAGjUDBOMB0GA1UdDgQWBBRUzXhcDhrjWAiCXoCbT9Y4fVOqCDAf\nBgNVHSMEGDAWgBRUzXhcDhrjWAiCXoCbT9Y4fVOqCDAMBgNVHRMEBTADAQH/MA0G\nCSqGSIb3DQEBBQUAA4IBAQAn2tLQDc9n/y/k FS9iLTDF2zo2ncIebCo39Fqp0qBY\n/GMqBZhMfkSecYFINOQIXI2dLM61psM3vk+8P57UG6Ote2hXu09dNWEpmO0wCVru\n9uqpjDMklfTaYAL4de2hBnFtOfFSlhwGCqZo2zDnYHe5ljRRayBtkISlyPBX2A/O\nzisk7L2Bw0Ec kkBEVRipoSW8ubmpcbNf+G/s1FKVoS1lCTXA68Pp/aMbf3+qKlt9\nfp81RO85pZzn0y54J07pz6CXT3FIZQSqbxs3U3dBT41RlxqkNvXP86+Kz8AIn37g\nmILoj/vLo2rmeyNEELh90DX6pxl2MboQNWXKaP7NIMNJ\n-----证书结束-----\n'
(新的信息)
d) 通过将每个“\n”字符替换为“\r\n”字符,Firefox 的行为在使用连接的 CA 文件时保持不变。
有没有关于如何连接 CA pem 文件的想法?
(新的信息)
参考:
答案1
我在最初的帖子中描述的问题已得到解决。最后,我遇到的问题是完成 openssl 交互式终端字段时出现的误解。更准确地说,由于我编写的脚本中存在错误,两个不同的 CA 具有相似的字段,因此,通过在每个输入字段中插入一个随机序列,问题得到了解决。
谢谢大家的帮助!