我已经检查过以下答案,并且它似乎不相关:我尝试信任自签名 CA 证书。
我使用以下配置生成了一个证书
[req]
prompt = no
default_bits = 2048
distinguished_name = subject
req_extensions = req_ext
x509_extensions = x509_ext
[subject]
commonName = localhost
[req_ext]
basicConstraints = critical, CA:true
subjectAltName = @alt_names
[x509_ext]
basicConstraints = critical, CA:true
keyUsage = critical, keyCertSign, cRLSign, digitalSignature,keyEncipherment
extendedKeyUsage = critical, serverAuth
subjectAltName = critical, @alt_names
1.3.6.1.4.1.311.84.1.1 = ASN1:UTF8String:ASP.NET Core HTTPS development certificate
[alt_names]
DNS.1 = localhost
DNS.2 = 127.0.0.1
然后
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout localhost.key \
-out localhost.crt \
-config localhost.conf
sudo cp localhost.crt /usr/share/ca-certificates/
su -
dpkg-reconfigure ca-certificates
然后我看到证书已安装
root@debian:~# ls -la /etc/ssl/certs | grep localhost
lrwxrwxrwx 1 root root 13 Jul 17 11:07 ce275665.0 -> localhost.pem
lrwxrwxrwx 1 root root 46 Jul 17 15:46 localhost.pem -> /usr/local/share/ca-certificates/localhost.crt
但是,当我尝试验证它时,它仍然失败
openssl verify localhost.crt
CN = localhost
error 18 at 0 depth lookup: self signed certificate
error localhost.crt: verification failed
sudo openssl verify /etc/ssl/certs/localhost.pem
CN = localhost
error 18 at 0 depth lookup: self signed certificate
error /etc/ssl/certs/localhost.pem: verification failed
Debian 12。此证书配置在 Fedora 中完美运行,我将其用于使用 HTTPS 的网络核心本地开发。