OpenSSL - 0 深度查找时出现错误 18:自签名证书

2022-01-07 00:00:00 ssl openssl mysql

我试图创建一个与 MySQL 一起使用的 SSL 证书,就像这里提到的那样:http://dev.mysql.com/doc/refman/5.5/en/creating-ssl-certs.html

I was trying to create a SSL certificate to use with MySQL as like mentioned here : http://dev.mysql.com/doc/refman/5.5/en/creating-ssl-certs.html

在验证证书时出现以下错误

While verifying the certificates I got the following error

  # openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem
    server-cert.pem: C = IN, ST = KERALA, L = COCHIN, O = ABCD, OU = OPERATIONAL, CN = SATHISH, emailAddress = sathish@abcd.com
    error 18 at 0 depth lookup:self signed certificate
    OK
    client-cert.pem: C = IN, ST = KERALA, L = COCHIN, O = ABCD, OU = OPERATIONAL, CN = sathish, emailAddress = sathish@abcd.com
    error 18 at 0 depth lookup:self signed certificate
    OK

有人可以帮助我根据上述链接中的文档生成没有任何错误的密钥.

Could someone help me on generating keys without any errors based on the document in the above link.

推荐答案

我想你错过了这部分说明:

I think you missed this part of the instructions:

无论您使用什么方法生成证书和密钥文件,用于服务器和客户端证书/密钥的通用名称值每个都必须与用于 CA 的 Common Name 值不同证书.否则,证书和密钥文件将不起作用用于使用 OpenSSL 编译的服务器.

Whatever method you use to generate the certificate and key files, the Common Name value used for the server and client certificates/keys must each differ from the Common Name value used for the CA certificate. Otherwise, the certificate and key files will not work for servers compiled using OpenSSL.

当 OpenSSL 提示您输入每个证书的通用名称时,请使用不同的名称.

When OpenSSL prompts you for the Common Name for each certificate, use different names.

相关文章