SSL:不支持主题备用名称

问题描述 投票:1回答:1

我正在尝试制作自签名证书LibSSL 1.1.0,但出现以下错误:

openssl req -new -x509 -subj "/CN=demoCA" -extensions v3_ca -days 3650 -key ca.key.pem -sha256 -out ca.pem -config $prefix.cnf
Error Loading request extension section v3_req
139919553671616:error:22075075:X509 V3 routines:v2i_GENERAL_NAME_ex:unsupported option:../crypto/x509v3/v3_alt.c:531:name=subjectKeyIdentifier
139919553671616:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:../crypto/x509v3/v3_conf.c:47:name=subjectAltName, value=@alt_names

prefix.conf:

x509_extensions = v3_ca # The extensions to add to the self signed cert
req_extensions = v3_req

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
#extendedKeyUsage=serverAuth
subjectAltName = @alt_names
# Extensions to add to a certificate request

basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical, CA:TRUE, pathlen:3
keyUsage = critical, cRLSign, keyCertSign
nsCertType = sslCA, emailCA

[ alt_names ]
//Tried many alternatives below, name, email, etc. 
DNS.1 = %%DOMAIN%%
ssl openssl ssl-certificate
1个回答
0
投票

您是否解决过此问题?我遇到了同样的问题,这些链接对我有帮助,但从未解决过]

How can I generate a self-signed certificate with SubjectAltName using OpenSSL?

https://www.crsr.net/Notes/SSL.html

© www.soinside.com 2019 - 2024. All rights reserved.