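I followed the instructions on this site (https://www.sslshopper.com/move-or-copy-an-ssl-certificate-from-a-windows-server-to-an-apache-server.html) to move my GoDaddy.com certificate from a Windows Server 2003 machine to a server running Debian and Apache (v 2.4.10). I converted the .pfx file to a .txt file and opened it to extract the private key and the certificate. However, my file has three certificates rather than just the one in the tutorial. So which part is my SSLCertificateFile, SSLCertificateKeyFile, or SSLCertificateChainFile? I tried adding the top section as my private key and the second section as my certificate, but in Chrome, when I navigate to my site, I get a "NET:ERR_CERT_AUTHORITY_INVALID" message. Any help would be appreciated.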
Bag Attributes
Microsoft Local Key set: <No Values>
localKeyID: 01 00 00 00
Microsoft CSP Name: Microsoft RSA SChannel Cryptographic Provider
friendlyName: 921ddddfb37214c2d5593e0c9b386a34_bc31898e-7ad7-4e24-9c39-0088bf3b937a
Key Attributes
X509v3 Key Usage: 10
-----BEGIN ENCRYPTED PRIVATE KEY-----
Some Text Here
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
localKeyID: 01 00 00 00
subject=/OU=Domain Control Validated/CN=example.com
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
-----BEGIN CERTIFICATE-----
More Text here
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Go Daddy Root Certificate Authority G2
subject=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
-----BEGIN CERTIFICATE-----
Other Text here as well
-----END CERTIFICATE-----
Bag Attributes: <Empty Attributes>
subject=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
-----BEGIN CERTIFICATE-----
Last bit of text here
-----END CERTIFICATE-----
(Certificate text removed for readability and security)
Answer 1
The text:
-----BEGIN ENCRYPTED PRIVATE KEY-----
Some Text Here
-----END ENCRYPTED PRIVATE KEY-----
is an encrypted PKCS#8 private key. It should be placed in a file, and the passphrase removed with the following command:
openssl pkcs8 -topk8 -inform PEM -in <in file> -nocrypt -out private.key
Note that the above command will ask for the password.
The private.key file is the one pointed to by SSLCertificateKeyFile.
The sections that look like:
-----BEGIN CERTIFICATE-----
Text here
-----END CERTIFICATE-----
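are your certificates. They need to be placed in files as follows:
The one under subject=/OU=Domain Control Validated/CN=example.com is your site certificate and should be placed in the file pointed to by SSLCertificateFile.
The last one is your issuing CA's certificate and should be placed in the file pointed to by SSLCertificateChainFile.
The remaining one (the one between the two certificates above) is the root CA certificate, which should already be stored in the trust anchor store of all clients. You do not need to do anything with it.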
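The sorting described in the answer above can be done mechanically from the subject= and issuer= lines of the dump. The following is an added example, not part of the original question or answer: the function name `split_dump`, the `root` slot and the shortened sample DNs are assumptions made for illustration, and it generalizes the answer's rule to any number of intermediates.

```python
import re

# Constructed sample shaped like the dump in the question; PEM bodies are placeholders.
SAMPLE = """\
-----BEGIN ENCRYPTED PRIVATE KEY-----
KEY
-----END ENCRYPTED PRIVATE KEY-----
subject=/OU=Domain Control Validated/CN=example.com
issuer=/C=US/CN=Go Daddy Secure Certificate Authority - G2
-----BEGIN CERTIFICATE-----
LEAF
-----END CERTIFICATE-----
subject=/C=US/CN=Go Daddy Root Certificate Authority - G2
issuer=/C=US/CN=Go Daddy Root Certificate Authority - G2
-----BEGIN CERTIFICATE-----
ROOT
-----END CERTIFICATE-----
subject=/C=US/CN=Go Daddy Secure Certificate Authority - G2
issuer=/C=US/CN=Go Daddy Root Certificate Authority - G2
-----BEGIN CERTIFICATE-----
INTERMEDIATE
-----END CERTIFICATE-----
"""

BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\n.*?-----END \1-----\n?", re.S)
ATTR = re.compile(r"^(subject|issuer)=\s*(.+?)\s*$", re.M)

def split_dump(text):
    """Sort each PEM block of an `openssl pkcs12` text dump into its Apache file."""
    out = {"SSLCertificateKeyFile": "", "SSLCertificateFile": "",
           "SSLCertificateChainFile": "", "root": ""}
    certs, pos = [], 0
    for m in BLOCK.finditer(text):
        names = dict(ATTR.findall(text[pos:m.start()]))  # header lines before the block
        pos = m.end()
        if m.group(1).endswith("PRIVATE KEY"):
            out["SSLCertificateKeyFile"] += m.group(0)   # still passphrase-protected
        elif m.group(1) == "CERTIFICATE":
            # Raises KeyError if the dump lacks the subject=/issuer= header lines.
            certs.append((names["subject"], names["issuer"], m.group(0)))
    issuing = {i for s, i, _ in certs if s != i}   # DNs that issued another cert here
    for subject, issuer, pem in certs:
        if subject == issuer:
            out["root"] += pem                     # self-signed root: not deployed
        elif subject in issuing:
            out["SSLCertificateChainFile"] += pem  # intermediate (issuing) CA
        else:
            out["SSLCertificateFile"] += pem       # leaf: issued nothing in the bundle
    return out
```

The key block comes out still encrypted, so the `openssl pkcs8` command from the answer is still needed before Apache can load it without a passphrase. On Apache 2.4.8 and later, SSLCertificateFile can also carry the intermediate certificates after the site certificate, and SSLCertificateChainFile is deprecated.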