openssl:错误“证书链中的自签名证书"; [英] Openssl : error "self signed certificate in certificate chain"
问题描述
当我使用openssl API验证服务器证书(自签名)时,出现以下错误:
When I used openssl APIs to validate server certificate (self signed), I got following error :
1 深度查找错误 19:证书中的自签名证书链
error 19 at 1 depth lookup:self signed certificate in certificate chain
根据 openssl 文档,此错误 (19) 是
As per openssl documentation, this error (19) is
"X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:自签名证书位于证书链-可以使用不受信任的证书,但无法在本地找到根."
"X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain - the certificate chain could be built up using the untrusted certificates but the root could not be found locally."
为什么会出现此错误?我的服务器证书有任何问题吗?
Why this error occurs ? Any problems with my server certificate ?
推荐答案
您有一个自签名证书,因此默认情况下它是不可信,这就是OpenSSL抱怨的原因.此警告实际上是一件好事,因为由于 man-中间攻击.
You have a certificate which is self-signed, so it's non-trusted by default, that's why OpenSSL complains. This warning is actually a good thing, because this scenario might also rise due to a man-in-the-middle attack.
要解决此问题,您需要将其安装为受信任的服务器.如果它是由不受信任的CA签署的,则还必须安装该CA的证书.
To solve this, you'll need to install it as a trusted server. If it's signed by a non-trusted CA, you'll have to install that CA's certificate as well.
看看此链接有关安装自我安装程序的信息签名证书.
Have a look at this link about installing self-signed certificates.
这篇关于openssl:错误“证书链中的自签名证书";的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!