XAMPP中LAN上的localhost自签名证书
问题描述 投票:0回答:1
我有本地主机与ssl并在我的本地电脑上正常工作,但ssl无法在局域网上工作。因为我使用的是自签名证书,所以我必须在我打开网站的每台PC上安装证书,但它只能在托管网站的PC上工作,而不能在局域网上的其他PC上工作。
我不想在线托管我的网站,因为我处于开发模式。
My Local PC:
host file:
127.0.0.1 gofashion_chat.test
httpd-xampp.conf
<VirtualHost *:80>
DocumentRoot "C:/xampp/htdocs/gofashion"
ServerName gofashion_chat.test
ServerAlias *.gofashion_chat.test
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "C:/xampp/htdocs/gofashion"
ServerName gofashion_chat.test
ServerAlias *.gofashion_chat.test
SSLEngine on
SSLCertificateFile "C:/xampp/htdocs/gofashion/cert/gofashion_chat.test/server.crt"
SSLCertificateKeyFile "C:/xampp/htdocs/gofashion/cert/gofashion_chat.test/server.key"
</VirtualHost>
Certificate in browser:
PC on LAN:
host file:
192.168.10.7 gofashion_chat.test
Certificate in browser on LAN PC:
在两台PC上都安装了server.crt
如何解决局域网中的ssl问题?
编辑:
这是我用来生成证书的bat文件
@echo off
set /p domain="Enter Domain without TLD (E.g 'facebook', 'google'): "
set /p com_tld="Enter Domain TLD (E.g 'com', 'test'): "
SET HOSTNAME=%domain%
SET DOT=%com_tld%
SET COUNTRY=US
SET STATE=KS
SET CITY=Olathe
SET ORGANIZATION=IT
SET ORGANIZATION_UNIT=IT Department
SET FULL_DOMAIN=%HOSTNAME%.%DOT%
SET EMAIL=webmaster@%FULL_DOMAIN%
SET OPENSSL_CONF=C:\xampp\apache\conf\openssl.cnf
if not exist .\%HOSTNAME%.%DOT% mkdir .\%FULL_DOMAIN%
(
echo [req]
echo default_bits = 2048
echo prompt = no
echo default_md = sha256
echo req_extensions = v3_req
echo x509_extensions = x509_ext
echo distinguished_name = dn
echo:
echo [dn]
echo C = %COUNTRY%
echo ST = %STATE%
echo L = %CITY%
echo O = %ORGANIZATION%
echo OU = %ORGANIZATION_UNIT%
echo emailAddress = %EMAIL%
echo CN = %FULL_DOMAIN%
echo:
echo [v3_req]
echo subjectAltName = @alt_names
echo subjectKeyIdentifier = hash
echo authorityKeyIdentifier = keyid:always, issuer:always
echo basicConstraints = critical, CA:TRUE, pathlen:1
echo keyUsage = critical, cRLSign, digitalSignature, keyCertSign
echo nsComment = "OpenSSL Generated Certificate"
echo:
echo [x509_ext]
echo subjectAltName = @alt_names
echo subjectKeyIdentifier = hash
echo authorityKeyIdentifier = keyid:always, issuer:always
echo basicConstraints = critical, CA:TRUE, pathlen:1
echo keyUsage = critical, cRLSign, digitalSignature, keyCertSign
echo nsComment = "OpenSSL Generated Certificate"
echo:
echo [alt_names]
echo DNS.1 = *.%FULL_DOMAIN%
echo DNS.2 = %FULL_DOMAIN%
)>%FULL_DOMAIN%\%HOSTNAME%.cnf
C:\xampp\apache\bin\openssl req -new -x509 -newkey rsa:2048 -sha256 -nodes -keyout %FULL_DOMAIN%\server.key -days 356 -out %FULL_DOMAIN%\server.crt -config %FULL_DOMAIN%\%HOSTNAME%.cnf
echo.
echo -----
echo The certificate was provided.
echo.
pause
这是我用来生成证书的另一个。
@echo off
set /p domain="Enter Domain without TLD (E.g 'facebook', 'google'): "
set /p com_tld="Enter Domain TLD (E.g 'com', 'test'): "
SET HOSTNAME=%domain%
SET DOT=%com_tld%
SET COUNTRY=US
SET STATE=KS
SET CITY=Olathe
SET ORGANIZATION=IT
SET ORGANIZATION_UNIT=IT Department
SET FULL_DOMAIN=%HOSTNAME%.%DOT%
SET EMAIL=webmaster@%FULL_DOMAIN%
SET OPENSSL_CONF=C:\xampp\apache\conf\openssl.cnf
if not exist .\%HOSTNAME%.%DOT% mkdir .\%FULL_DOMAIN%
(
echo [ req ]
echo default_bits = 2048
echo default_keyfile = server-key.pem
echo distinguished_name = subject
echo req_extensions = req_ext
echo x509_extensions = x509_ext
echo string_mask = utf8only
echo:
echo [ subject ]
echo countryName = Country Name ^(2 letter code^)
echo countryName_default = %COUNTRY%
echo stateOrProvinceName = State or Province Name ^(full name^)
echo stateOrProvinceName_default = %STATE%
echo localityName = Locality Name ^(eg, city^)
echo localityName_default = %CITY%
echo organizationName = Organization Name ^(eg, company^)
echo organizationName_default = %ORGANIZATION%
echo commonName = Common Name ^(e.g. server FQDN or YOUR name^)
echo commonName_default = %HOSTNAME%.%DOT%
echo emailAddress = Email Address
echo emailAddress_default = %EMAIL%
echo:
echo [ x509_ext ]
echo subjectKeyIdentifier = hash
echo authorityKeyIdentifier = keyid,issuer
echo basicConstraints = CA:FALSE
echo keyUsage = digitalSignature, keyEncipherment
echo subjectAltName = @alternate_names
echo nsComment = "OpenSSL Generated Certificate"
echo:
echo [ req_ext ]
echo subjectKeyIdentifier = hash
echo basicConstraints = CA:FALSE
echo keyUsage = digitalSignature, keyEncipherment
echo subjectAltName = @alternate_names
echo nsComment = "OpenSSL Generated Certificate"
echo:
echo [ alternate_names ]
echo:
echo DNS.1 = *.%HOSTNAME%.%DOT%
echo DNS.2 = %HOSTNAME%.%DOT%
)>%FULL_DOMAIN%\%HOSTNAME%.cnf
C:\xampp\apache\bin\openssl req -new -x509 -newkey rsa:2048 -sha256 -nodes -keyout %FULL_DOMAIN%\server.key -days 356 -out %FULL_DOMAIN%\server.crt -config %FULL_DOMAIN%\%HOSTNAME%.cnf
echo.
echo -----
echo The certificate was provided.
echo.
pause
1个回答
0
投票
投票
您的屏幕截图显示允许使用的证书用于此目的
- 所有发行政策
- 所有申请政策
但是您希望将其用作Web服务器证书,因此证书需要以下用途:
- 确保远程计算机的身份
我假设在您的计算机上它可以正常工作,因为Web浏览器识别出服务器在本地网络接口上运行 - 因此它不是“远程计算机”,因此它在证书中不允许这样做。
最新问题
- 使用 github 和 AWS lambda 的最佳实践?
- Console.Log in Apps Script 返回正确的顺序,但 Google Sheets 不返回
- SweetAlert2 按 Return 触发时消失
- 使用 Beautiful Soup 获取第二个 srcset 属性
- 如何在 Dart 中处理“通用”时间? (与具体日期无关)
- 我已经在防火墙d中的端口添加了丰富的规则,但我仍然可以从其他IP地址访问该端口
- 使用 Angular18 运行 `ng build` 时出现 ngcc 错误
- GoLang Mochi MQTT 服务器与 Python Paho MQTT 客户端 TLS 身份验证验证失败
- p-table 保持第一列固定/冻结
- Python ctypes,将 c_void_p 作为输出参数传递给 c 函数
- Azure Pipeline 生成 swagger dotnet api
- 仅适用于一个平台的代码。统一 2d
- 如何从长纪元时间(以毫秒为单位)创建 Java 8 LocalDate?
- ORC在LLVM中代表什么?
- Apple 第三方隐私清单要求
- 如何检测模板函数应该施加更严格的概念
- 如何通过 NavigationLink 将 ForEach 变量传递到 Binding 中
- Discord.py 机器人几分钟后就会离线
- 如何让pyparsing匹配“1天”或“2天”但失败“1天”和“2天”?
- 如何在我的 django 项目中永久提交表单?
© www.soinside.com 2019 - 2024. All rights reserved.