OpenSSL-在0深度查找时出现错误18:自签名证书 [英] OpenSSL - error 18 at 0 depth lookup:self signed certificate

问题描述

我试图创建一个SSL证书以与MySQL一起使用，如此处所述:

I was trying to create a SSL certificate to use with MySQL as like mentioned here : http://dev.mysql.com/doc/refman/5.5/en/creating-ssl-certs.html

在验证证书时，出现以下错误

While verifying the certificates I got the following error

  # openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem
    server-cert.pem: C = IN, ST = KERALA, L = COCHIN, O = ABCD, OU = OPERATIONAL, CN = SATHISH, emailAddress = sathish@abcd.com
    error 18 at 0 depth lookup:self signed certificate
    OK
    client-cert.pem: C = IN, ST = KERALA, L = COCHIN, O = ABCD, OU = OPERATIONAL, CN = sathish, emailAddress = sathish@abcd.com
    error 18 at 0 depth lookup:self signed certificate
    OK

有人可以根据以上链接中的文档帮助我生成密钥而没有任何错误.

Could someone help me on generating keys without any errors based on the document in the above link.

推荐答案

我认为您错过了这部分说明:

I think you missed this part of the instructions:

无论使用哪种方法生成证书和密钥文件， 用于服务器和客户端证书/密钥的通用名称值 每个都必须与用于CA的Common Name值不同 证书.否则，证书和密钥文件将不起作用 对于使用OpenSSL编译的服务器.

Whatever method you use to generate the certificate and key files, the Common Name value used for the server and client certificates/keys must each differ from the Common Name value used for the CA certificate. Otherwise, the certificate and key files will not work for servers compiled using OpenSSL.

当OpenSSL提示您输入每个证书的通用名称时，请使用不同的名称.

When OpenSSL prompts you for the Common Name for each certificate, use different names.

这篇关于OpenSSL-在0深度查找时出现错误18:自签名证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！