堆栈内存溢出
  简体   繁体   English

OpenSSL 生成自签名证书时 Req 出错

[英]OpenSSL Error in Req when generating self-signed certificate

 原文  2020-11-28 21:24:05       openssl/ ssl-certificate/ self-signed/ psd2

问题描述

I created CSR file eidas.csr following content我创建了 CSR 文件 eidas.csr 以下内容

    oid_section = OIDs

[ req ]
distinguished_name = dn
prompt = no

[ OIDs ]
OrganizationID=2.5.4.97

[ dn ]
O=Enable Banking Oy
L=Espoo
C=FI
OrganizationID=PSDFI-FINFSA-29884997
CN=enablebanking.com

I run the following command: openssl req -new -config eidas.conf -keyout eidas.key -out eidas.csr我运行以下命令: openssl req -new -config eidas.conf -keyout eidas.key -out eidas.csr

and I get the following error:我收到以下错误:

problem creating object OrganizationID=2.5.4.97
140676474279104:error:08064066:object identifier routines:OBJ_create:oid exists:../crypto/objects/obj_dat.c:709:
error in req

First PC: OpenSSL 1.1.1d 10 Sep 2019第一台 PC:OpenSSL 1.1.1d 2019 年 9 月 10 日

Operation System: Distributor ID: Kali Description: Kali GNU/Linux Rolling Release: 2020.1 Codename: kali-rolling操作系统:发行商 ID:Kali 描述:Kali GNU/Linux 滚动版本:2020.1 代号:kali-rolling

Second PC: OpenSSL 1.1.1h 22 Sep 2020 Operation System: Windows 10 Pr第二台电脑:OpenSSL 1.1.1h 22 Sep 2020 操作系统:Windows 10 Pr

HOWEVER, if I Change Oid declaration Line 2.5.4.97 whit 1.2.3.4 this succeeds但是,如果我将 Oid 声明行 2.5.4.97 更改为 1.2.3.4,则会成功

1 个解决方案

解决方案1
 3 已采纳  2020-11-28 22:08:34

In newer openssl version OID 2.5.4.97 is reserved for organizationIdentifier, so you can change your eidas.conf to the following and it should work.在较新的 openssl 版本中,OID 2.5.4.97 保留给组织标识符,因此您可以将 eidas.conf 更改为以下内容,它应该可以工作。

[ req ]
distinguished_name = dn
prompt = no

[ dn ]
O=Enable Banking Oy
L=Espoo
C=FI
organizationIdentifier=PSDFI-FINFSA-29884997
CN=enablebanking.com

Also not the values in [ dn ] section.也不是 [ dn ] 部分中的值。 Apparently you copied eidas.conf from https://enablebanking.com/blog/2020/01/13/how-to-generate-eidas-certificate/ and there the value were given just as an example and probably you would want to change them to describe your own organization, location and domain (although for psd2 sandboxes any values are likely to work).显然,您从https://enablebanking.com/blog/2020/01/13/how-to-generate-eidas-certificate/复制了 eidas.conf 并且该值仅作为示例给出,您可能想要更改它们来描述您自己的组织、位置和域(尽管对于 psd2 沙箱,任何值都可能有效)。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 生成自签名证书字符串太长时的OpenSSL Config错误 - OpenSSL Config error when generating self-signed certificate string too long OpenSSL忽略自签名证书错误 - OpenSSL Ignore Self-signed certificate error 使用 openssl 生成自签名证书时如何设置密钥规范或 KEYEXCHANGE 属性 - How to set key spec or KEYEXCHANGE property when generating a self-signed certificate using openssl 使用 openSSL 验证我的自签名证书 - Verifying my self-signed certificate with openSSL 为什么 OpenSSL 说证书是由自签名不可信证书颁发的可信证书? - Why OpenSSL says the certificate is trusted when it is issued by self-signed untrusted certificate? 创建自签名SSL证书时出错 - Error when creating a self-signed SSL Certificate 自签名证书的随机数错误 - Random Number Error with Self-Signed Certificate 如何告诉Ruby的OpenSSL库忽略自签名证书错误? - How do I tell Ruby's OpenSSL library to ignore a self-signed certificate error? OpenSSL:创建具有许多中间证书级别的自签名 CA - OpenSSL: Create a self-signed CA with many intermediate certificate levels 如何使用自签名 OpenSSL 证书在 HTTPS 上测试 PWA? - How to test PWA on over HTTPS with self-signed OpenSSL certificate?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM