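So, I installed a self-signed root certificate on Windows and then accessed my domain over HTTPS. Chrome acknowledges the certificate from my domain, but I still get a "Not secure" error instead of the green lock.
Any idea why this happens? Not to mention that my server is on AWS and I have configured it to only accept connections using HTTPS on port 443.
Any suggestions or ideas are greatly appreciated!
Here are the certificate files:
Server certificate: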
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
71:3b:54:71:75:c7:6e:cc:e8:4e:b2:3a:36:7f:08:0c:ad:f8:fd:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = CA, ST = ON, L = Toronto, O = Boss Insights, OU = DevOps, CN = Boss Insights Root CA
Validity
Not Before: Aug 8 21:03:04 2019 GMT
Not After : Aug 5 21:03:04 2029 GMT
Subject: C = CA, ST = ON, L = Toronto, O = Boss Insights, OU = DevOps, CN = files.bossinsights.com, emailAddress = [email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
Root certificate:
X509 Certificate:
Version: 3
Serial Number: 57becf8af1e115a8f36642cd0291ada2c1121147
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA
Algorithm Parameters:
05 00
Issuer:
CN=Boss Insights Root CA
OU=DevOps
O=Boss Insights
L=Toronto
S=ON
C=CA
Name Hash(sha1): 4e1e7b6a76121a5aa58b7de85033f3196739004a
Name Hash(md5): f44c7e94941e6c8130b3e3156a51be03
NotBefore: 8/8/2019 12:45 PM
NotAfter: 8/5/2029 12:45 PM
Subject:
CN=Boss Insights Root CA
OU=DevOps
O=Boss Insights
L=Toronto
S=ON
C=CA
Name Hash(sha1): 4e1e7b6a76121a5aa58b7de85033f3196739004a
Name Hash(md5): f44c7e94941e6c8130b3e3156a51be03
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
Algorithm Parameters:
05 00
Public Key Length: 4096 bits
Certificate Extensions: 3
2.5.29.14: Flags = 0, Length = 16
Subject Key Identifier
26 e5 f8 57 3b c8 98 f9 be d9 f4 8f d9 90 83 84 96 8a d0 5a
2.5.29.35: Flags = 0, Length = 18
Authority Key Identifier
KeyID=26 e5 f8 57 3b c8 98 f9 be d9 f4 8f d9 90 83 84 96 8a d0 5a
2.5.29.19: Flags = 1(Critical), Length = 5
Basic Constraints
Subject Type=CA
Path Length Constraint=None
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA
Algorithm Parameters:
05 00
Signature matches Public Key
Root Certificate: Subject matches Issuer
Key Id Hash(rfc-sha1): 26e5f8573bc898f9bed9f48fd9908384968ad05a
Key Id Hash(sha1): 0b50d92545830c832b9b00d0e3559da055aab019
Key Id Hash(md5): 8ea83fec1129b5b87ef9ef3b3a6ee165
Key Id Hash(sha256): 579e00427dd91039daa1f1598784dea40ea1c430213be7dcde41080c52f150a9
Cert Hash(md5): 4a01f3141a1ac6b6a94b607aa4ccdb60
Cert Hash(sha1): 310856669aadc1ad943a45c177f192e48e5d665a
Cert Hash(sha256): dae2dc47ff2393115cac0e76a9a08ae2d38c1864d8ce25140c1e9c3ef1ccf90d
Signature Hash: 07431f8ecbddc725e78532cd1bf15076013ad53c63c522a11ef714bd2cc0ae8f
CertUtil: -dump command completed successfully.
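Answer 1
Your server certificate is missing very important extensions needed to keep modern browsers happy. In fact, it is missing all extensions, as it is a version 1 certificate (line 3), which predates extensions.
If you look at the certificate of any website, you will see extensions in the certificate. The most important one in this case is the Subject Alternative Name extension, which lists all the DNS domains for which the certificate is valid. As you don't have this, the browser doesn't know whether the certificate is valid for your domain. Here is the Let's Encrypt certificate for this site: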
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:4a:72:43:1b:35:86:e7:d1:f9:22:2b:03:f6:9e:15:3e:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
Validity
Not Before: Jul 26 14:38:33 2019 GMT
Not After : Oct 24 14:38:33 2019 GMT
Subject: CN = *.stackexchange.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
F0:61:88:B2:8F:1D:EB:1E:FF:68:BC:BD:7A:D0:AF:9C:0C:34:09:18
X509v3 Authority Key Identifier:
keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
Authority Information Access:
OCSP - URI:http://ocsp.int-x3.letsencrypt.org
CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
X509v3 Subject Alternative Name:
DNS:*.askubuntu.com, DNS:*.blogoverflow.com, DNS:*.mathoverflow.net, DNS:*.meta.stackexchange.com, DNS:*.meta.stackoverflow.com, DNS:*.serverfault.com, DNS:*.sstatic.net, DNS:*.stackexchange.com, DNS:*.stackoverflow.com, DNS:*.stackoverflow.email, DNS:*.superuser.com, DNS:askubuntu.com, DNS:blogoverflow.com, DNS:mathoverflow.net, DNS:openid.stackauth.com, DNS:serverfault.com, DNS:sstatic.net, DNS:stackapps.com, DNS:stackauth.com, DNS:stackexchange.com, DNS:stackoverflow.blog, DNS:stackoverflow.com, DNS:stackoverflow.email, DNS:stacksnippets.net, DNS:superuser.com
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
Signature Algorithm: sha256WithRSAEncryption
Just past halfway down is:
X509v3 Subject Alternative Name:
DNS:*.askubuntu.com, DNS:*.blogoverflow.com, DNS:*.mathoverflow.net, DNS:*.meta.stackexchange.com, DNS:*.meta.stackoverflow.com, DNS:*.serverfault.com, DNS:*.sstatic.net, DNS:*.stackexchange.com, DNS:*.stackoverflow.com, DNS:*.stackoverflow.email, DNS:*.superuser.com, DNS:askubuntu.com, DNS:blogoverflow.com, DNS:mathoverflow.net, DNS:openid.stackauth.com, DNS:serverfault.com, DNS:sstatic.net, DNS:stackapps.com, DNS:stackauth.com, DNS:stackexchange.com, DNS:stackoverflow.blog, DNS:stackoverflow.com, DNS:stackoverflow.email, DNS:stacksnippets.net, DNS:superuser.com
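which lists all the sites for which the certificate is valid. You need something similar in your server certificate.
Modern CA applications will always add this extension, unless you go out of your way to remove it. Was the certificate generated with OpenSSL? :-) If so, the following OpenSSL configuration file will allow you to create a certificate signing request with more appropriate extensions: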
# OpenSSL configuration
[ req ]
prompt = no
string_mask = default
# The size of the keys in bits:
default_bits = 2048
distinguished_name = req_dn
req_extensions = req_ext
[ req_dn ]
# Note that the following are in 'reverse order' to what you'd expect to see in
# Windows
# Locality style:
countryName = CA
stateOrProvinceName = ON
localityName = Toronto
organizationName = Boss Insights
organizationalUnitName = DevOps
commonName = Boss Insights
[ req_ext ]
subjectKeyIdentifier = hash
keyUsage = critical, digitalSignature
extendedKeyUsage=serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = files.bossinsights.com
# DNS.2 = www.bossinsights.com
# DNS.3 = bossinsights.com
# Add more DNS entries here, but make sure the numbers following 'DNS'
# are unique. No need to be sequential, just unique.
#
# For a wildcard certificate, you will need just:
# DNS.1 = bossinsights.com
# DNS.2 = *.bossinsights.com
Create the request with the following command:
openssl req -new -keyout BossInsight.key -out BossInsight.req -config BossInsight.cnf -nodes
Note: the -nodes option stops OpenSSL from password-protecting the private key. Remove it if you need a protected key.
Finally, pass BossInsight.req to your CA.
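
The CA-side step that follows the answer, as an added example that is not part of the original answer: by default `openssl x509 -req` does not carry the CSR's extensions into the issued certificate, so the SAN has to be supplied again at signing time with `-extfile`/`-extensions`. The host name `files.example.test`, the file names and the throwaway test CA are assumptions made for this sketch.

```shell
# Added example: sign one CSR twice with a throwaway test CA and check each result.
# HOST, the file names and the CA subject are constructed placeholders.
HOST=files.example.test
WORK=$(mktemp -d)

# Succeeds only if the certificate is X.509 v3 and lists $2 literally as a SAN DNS entry.
check_cert() {
    text=$(openssl x509 -in "$1" -noout -text) || return 1
    printf '%s\n' "$text" | grep -q 'Version: 3 (0x2)' || return 1
    printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$2"
}

# CSR configuration in the style of the answer's file, plus a section for the test CA.
cat > "$WORK/server.cnf" <<EOF
[ req ]
prompt = no
distinguished_name = req_dn
req_extensions = req_ext
[ req_dn ]
commonName = $HOST
[ req_ext ]
subjectKeyIdentifier = hash
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = $HOST
[ ca_ext ]
basicConstraints = critical, CA:TRUE
EOF

# Throwaway root CA, then the server's key and CSR.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/server.cnf" -extensions ca_ext \
    -subj '/CN=Example Test Root CA' -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
openssl req -new -nodes -newkey rsa:2048 -config "$WORK/server.cnf" \
    -keyout "$WORK/server.key" -out "$WORK/server.req" 2>/dev/null

# Signed WITHOUT -extfile: the extensions requested in the CSR are not carried over.
openssl x509 -req -in "$WORK/server.req" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -out "$WORK/bad.crt" 2>/dev/null
# Signed WITH -extfile/-extensions: the issued certificate carries the SAN.
openssl x509 -req -in "$WORK/server.req" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -extfile "$WORK/server.cnf" -extensions req_ext \
    -out "$WORK/good.crt" 2>/dev/null

check_cert "$WORK/bad.crt"  "$HOST" && echo "bad.crt:  SAN ok" || echo "bad.crt:  no SAN for $HOST"
check_cert "$WORK/good.crt" "$HOST" && echo "good.crt: SAN ok" || echo "good.crt: no SAN for $HOST"
```

Running `check_cert` against the certificate the server actually presents, before importing the root into the Windows trust store, shows whether the signing step kept the extensions.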