IOS 14 - 自签名证书 - 不可信
[英]IOS 14 - Self signed certificate - not trustable
问题描述
I create a self signed certificate by using this
我使用这个创建了一个自签名证书
openssl req \
-newkey rsa:2048 \
-x509 \
-nodes \
-keyout myKey.key \
-new \
-out myCert.crt \
-subj /CN=my.domaine.any \
-config ./myConfig.cnf \
-reqexts SAN \
-extensions SAN \
-sha256 \
-days 365
the content of myConfig is myConfig 的内容是
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = SAN
extensions = SAN
[ req_distinguished_name ]
countryName = myCountry
stateOrProvinceName = myProvince
localityName = myCity
organizationName = myOrgan
[SAN]
subjectAltName = DNS:my.domaine.any
extendedKeyUsage = serverAuth
I check the IOS certificate requirement that I find here https://support.apple.com/en-us/HT210176 (I hope, I have everything).我检查了我在这里找到的 IOS 证书要求https://support.apple.com/en-us/HT210176 (我希望,我拥有一切)。
I ame able to install the certificate into Setting > General > Profile.我可以将证书安装到设置 > 常规 > 配置文件中。
But I can't trust my certificate because when I'm going to Setting > General > About > Certificate Trust Settings, I didn't see any certificate.但是我不能信任我的证书,因为当我去设置 > 通用 > 关于 > 证书信任设置时,我没有看到任何证书。
Any clue ?任何线索?
2 个解决方案
解决方案1
5 2020-08-27 08:49:12
I found what's was missing into my configuration.我发现我的配置中缺少什么。
should add in [SAN] part应该添加在 [SAN] 部分
basicConstraints=CA:TRUE,pathlen:0
and it work !它起作用了!
解决方案2
0 2021-12-20 19:09:23
Make sure when you send the certificate to your phone you don't also export the private key.确保将证书发送到手机时,不要同时导出私钥。 Safari won't trust and it won't appear under the Certificate Trust Settings . Safari 不会信任它,它也不会出现在Certificate Trust Settings 。
I'm using Powershell on Windows and was using the command Export-PFXCertificate which includes the private key.我在 Windows 上使用 Powershell,并使用包含私钥的命令Export-PFXCertificate 。 Instead using the command Export-Certificate worked.而是使用命令Export-Certificate起作用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.