OpenSSL - 0 深度查找时出现错误 18:自签名证书
我试图创建一个与 MySQL 一起使用的 SSL 证书,就像这里提到的那样:http://dev.mysql.com/doc/refman/5.5/en/creating-ssl-certs.html
I was trying to create a SSL certificate to use with MySQL as like mentioned here : http://dev.mysql.com/doc/refman/5.5/en/creating-ssl-certs.html
在验证证书时出现以下错误
While verifying the certificates I got the following error
# openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem
server-cert.pem: C = IN, ST = KERALA, L = COCHIN, O = ABCD, OU = OPERATIONAL, CN = SATHISH, emailAddress = sathish@abcd.com
error 18 at 0 depth lookup:self signed certificate
OK
client-cert.pem: C = IN, ST = KERALA, L = COCHIN, O = ABCD, OU = OPERATIONAL, CN = sathish, emailAddress = sathish@abcd.com
error 18 at 0 depth lookup:self signed certificate
OK
有人可以帮助我根据上述链接中的文档生成没有任何错误的密钥.
Could someone help me on generating keys without any errors based on the document in the above link.
推荐答案
我想你错过了这部分说明:
I think you missed this part of the instructions:
无论您使用什么方法生成证书和密钥文件,用于服务器和客户端证书/密钥的通用名称值每个都必须与用于 CA 的 Common Name 值不同证书.否则,证书和密钥文件将不起作用用于使用 OpenSSL 编译的服务器.
Whatever method you use to generate the certificate and key files, the Common Name value used for the server and client certificates/keys must each differ from the Common Name value used for the CA certificate. Otherwise, the certificate and key files will not work for servers compiled using OpenSSL.
当 OpenSSL 提示您输入每个证书的通用名称时,请使用不同的名称.
When OpenSSL prompts you for the Common Name for each certificate, use different names.
相关文章