GCE上的自签名SSL证书-'无法解析SSL证书' [英] self-signed SSL certificate on GCE -- 'SSL certificate could not be parsed'
问题描述
我有一个网站,例如mySite.com,它运行在Debian虚拟机Google Cloud Engine上.我希望在此网站上安装SSL证书,以便Firefox不会在登录字段上显示安全错误,因为这是一件事(对网络安全不太熟悉,请原谅措辞)
I have a website, say mySite.com running on Google Cloud Engine, a Debian virtual machine. I’m looking to install SSL certificate on this site so that Firefox won’t be showing the security error on login field for one thing (not well familiar with web security – excuse the naive wording)
我知道SSL应该由中央机构(CA)签名,为此,我可以i.)付费并使其由已知的CA签名,或者ii.)自己创建一个CA并签名我自己的认证而无需支付任何费用. 现在,我正在尝试第二种选择,以首先了解事物在GCE上的工作方式,以及它是否足以满足我的目的-也就是说,自我认证的SSL将为GCE提供安全性.
I’m aware that SSL should be signed by a Central Authority (CA), and for this, i can either i.) pay&get it signed by a known CA, or ii.) create a CA myself and sign my own certification without paying anything. I am now trying the second option to see first how things work on GCE, and whether it’s sufficient for my purposes – that is, self-certified SSL would provide the security on GCE.
我遵循了带有SSL的openSSL标志https_client证书上的命令并成功按顺序运行以下命令:
I followed the commands on openSSL sign https_client certificate with CA and successfully ran the following in order:
// Generate CA key and cert:
openssl genrsa -out msite.CA.key 2048
openssl req -x509 -new -key msite.CA.key -days 3650 -out msite.CA.pem -subj '/C=AA/ST=aa/L=aaa/O=msite/OU=msite/CN=aa/emailAddress=sth'
// Generate client key and csr:
openssl genrsa -out mySite.com.key 2048
openssl req -new -key mySite.com.key -out mySite.com.csr -subj '/C=BB/ST=bb/L=bb/O=msite/OU=msite/CN=bb/emailAddress=bbb'
// Generate client cert signed with CA cert:
openssl x509 -req -days 365 -CA msite.CA.pem -CAkey msite.CA.key -CAcreateserial -CAserial serial -in mySite.com.csr -out mySite.com.pem
// verify:
openssl verify -verbose -CAfile msite.CA.pem mySite.com.pem
// the output to this is "mySite.com.pem: OK"
到目前为止,一切似乎都还不错–以上所有命令运行都没有任何错误.此时,我运行了以下命令(来自 https://cloud.google .com/load-balancing/docs/ssl-certificates )
All seemed ok so far – all of the above commands ran without any errors. At this point, I ran the following (command from https://cloud.google.com/load-balancing/docs/ssl-certificates)
gcloud compute ssl-certificates create mysertificatee \
--certificate mySite.com.csr \
--private-key mySite.com.key
并收到错误:
ERROR: (gcloud.compute.ssl-certificates.create) Some requests did not succeed:
- The SSL certificate could not be parsed.
错误原因是什么?如何解决?
What is the cause of the error? How to fix it?
推荐答案
gcloud compute ssl-certificates create mysertificatee \
--certificate mySite.com.csr \
--private-key mySite.com.key
--certificate的参数应为证书,即mySite.com.pem.取而代之的是CSR mySite.com.csr.
The argument for --certificate should be the certificate, i.e. mySite.com.pem. Instead the CSR mySite.com.csr was given.
这篇关于GCE上的自签名SSL证书-'无法解析SSL证书'的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
