
OpenSSL - error 18 at 0 depth lookup:self signed certificate

I was trying to create an SSL certificate to use with MySQL as mentioned here: http://dev.mysql.com/doc/refman/5.5/en/creating-ssl-certs.html

While verifying the certificates I got the following error:

  # openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem
    server-cert.pem: C = IN, ST = KERALA, L = COCHIN, O = ABCD, OU = OPERATIONAL, CN = SATHISH, emailAddress = sathish@abcd.com
    error 18 at 0 depth lookup:self signed certificate
    OK
    client-cert.pem: C = IN, ST = KERALA, L = COCHIN, O = ABCD, OU = OPERATIONAL, CN = sathish, emailAddress = sathish@abcd.com
    error 18 at 0 depth lookup:self signed certificate
    OK

Could someone help me with generating keys without any errors, based on the document in the above link?

I think you missed this part of the instructions:

Whatever method you use to generate the certificate and key files, the Common Name value used for the server and client certificates/keys must each differ from the Common Name value used for the CA certificate. Otherwise, the certificate and key files will not work for servers compiled using OpenSSL.

When OpenSSL prompts you for the Common Name for each certificate, use different names.

When you use the openssl command that creates the certificates and keys, it will ask you to fill in some fields, and you will come across the Common Name option, like the following:

Common Name (e.g. server FQDN or YOUR name) []: 

In this case you need to provide a different name each time and not let it use the default value.

For example:

CA Cert: app-ca-cert.

Server Cert: app-server-cert.

Client Cert: app-client-cert.

As the guide explained:

Important

Whatever method you use to generate the certificate and key files, the Common Name value used for the server and client certificates/keys must each differ from the Common Name value used for the CA certificate. Otherwise, the certificate and key files do not work for servers compiled using OpenSSL.
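
The advice in the answers above, as an added example that is not part of the original posts: a shell script that creates the CA, server and client certificates non-interactively with distinct Common Names via `-subj`, and flags any certificate whose subject equals its issuer (the condition the answers point to) before running `openssl verify`. The function names, temporary directory, 30-day validity, serial numbers and the `clash` certificate are constructed for illustration; it assumes `openssl` is on the PATH.

```shell
#!/bin/sh
# Added example; all names, serials and paths below are constructed.

# make_ca DIR CN: create a self-signed CA key and certificate.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/ca-key.pem" -out "$1/ca-cert.pem" 2>/dev/null
}

# make_leaf DIR NAME CN SERIAL: create a key and CSR, then sign the CSR with the CA.
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2-key.pem" -out "$1/$2-req.pem" 2>/dev/null &&
    openssl x509 -req -in "$1/$2-req.pem" -days 30 -set_serial "$4" \
        -CA "$1/ca-cert.pem" -CAkey "$1/ca-key.pem" \
        -out "$1/$2-cert.pem" 2>/dev/null
}

# dn FIELD FILE: print the subject or issuer DN without its "subject="/"issuer=" label.
dn() { openssl x509 -noout "-$1" -in "$2" | sed 's/^[a-z]*= *//'; }

# looks_self_signed FILE: succeed when the subject DN equals the issuer DN.
looks_self_signed() { [ "$(dn subject "$1")" = "$(dn issuer "$1")" ]; }

# check_leaf CA LEAF: return 2 on a DN clash, otherwise the status of openssl verify.
check_leaf() {
    if looks_self_signed "$2"; then
        echo "$2: subject equals issuer; give it a Common Name that differs from the CA's"
        return 2
    fi
    openssl verify -CAfile "$1" "$2"
}

work=$(mktemp -d) || exit 1
trap 'rm -rf "$work"' EXIT
make_ca   "$work" app-ca-cert
make_leaf "$work" server app-server-cert 01
make_leaf "$work" client app-client-cert 02
make_leaf "$work" clash  app-ca-cert     03   # same CN as the CA, on purpose
for name in server client clash; do
    check_leaf "$work/ca-cert.pem" "$work/$name-cert.pem" || echo "$name: rejected"
done
```

The server and client certificates verify against the CA, while the `clash` certificate is reported by the subject/issuer comparison without relying on how a particular OpenSSL version words the failure.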
