SSL證書問題：自簽名證書

Question

在對專用服務器執行https請求時，我無法驗證證書

我運行此命令來創建我的證書和私鑰：

openssl req -x509 -newkey rsa:4096 -keyout key.pem -passout file:passphrase.txt -out cert.pem -days 365

當我運行命令查看證書和密鑰是否匹配時，它們匹配

然后，我已經設置了我的ssl服務器：

server {

# SSL configuration
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
server_name mydomain.com;
ssl on;
ssl_certificate           /pathtocert.pem;
ssl_certificate_key       /pathtokey.pem;
client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
ssl_password_file         /pathtopassphrase.txt;

ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /pathtocert.pem;
# Google DNS, Open DNS, Dyn DNS
resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 216.146.35.35 216.146.36.36 valid=300s;
resolver_timeout 3s;

但是當我執行我的curl請求時：

// OPTIONS:
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
  "APIKEY: " . self::APIKEY,
  'Content-Type: application/json',
));
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);

//curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl, CURLOPT_CAINFO, public_path() . "\CA\Something.crt");

// EXECUTE:
$result = curl_exec($curl);

我收到如下證書問題：

SSL：無法從對等證書中獲取通用名稱

我只需要保護我的API，這就是我的目標。

Answer 1

我正在使用這些命令進行創建，並且每次都對我有用。

$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
$ openssl rsa -passin pass:x -in server.pass.key -out server.key
$ rm server.pass.key
$ openssl req -new -key server.key -out server.csr
$ openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt

這是我的nginx.conf

server {
    listen 443 default_server ssl http2;

    server_name IP_ADRESS;

    ssl_certificate /home/NAMEOFCOMPUTER/keys/server.crt;
    ssl_certificate_key /home/NAMEOFCOMPUTER/keys/server.key;
    ssl_session_cache shared:SSL:10m;

    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.kibana;

    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}