为域和子域创建自签名证书 - NET :: ERR_CERT_COMMON_NAME_INVALID [英] Creating self signed certificate for domain and subdomains - NET::ERR_CERT_COMMON_NAME_INVALID

问题描述

我遵循这个在Windows上为开发目的创建签名SSL证书的教程，它对我的​​一个域（我使用主机文件来模拟dns）非常有用。然后我想到我有很多子域名，这对于为每个子域创建一个证书是一个痛苦的屁股。因此，我尝试使用通配符在 Common 字段中创建一个证书，如serverfault中的某些答案所建议的。像这样：

 通用名称：* .myserver.net / CN = myserver.net 
  

但是，将此证书导入受信任的根证书颁发机构后，我将获得 NET :: ERR_CERT_COMMON_NAME_INVALID 错误，主域及其所有子网域，例如： https://sub1.myserver.net 和 https： //myserver.net 。

此服务器无法证明它是myserver.net;其安全证书
来自* .myserver.net / CN = myserver.net。

这可能是由于配置错误或攻击者拦截您的连接造成的。

在常见名称字段中有什么问题导致此错误？

解决方案

正如Rahul所说，这是一个常见的Chrome和OSX错误。我过去有类似的问题。实际上，我终于厌倦了测试本地网站进行工作的2次[是的，我知道这不是很多]。关于这个问题的一个可能的解决方法[使用Windows]，我会使用许多自签名证书实用程序可用的之一。

推荐步骤：

1. 创建自签证书


2. 将证书导入Windows证书管理器


3. 在Chrome证书管理器中导入证书注意： strong>步骤3将解决一旦遇到的问题，Google会处理错误...考虑到在可预见的将来没有ETA的时间已经过时。我喜欢使用Chrome进行开发最近发现自己在 Firefox Developer Edition 。没有这个问题。
   
   希望这有助于：）




I followed this tutorial for creating Signed SSL certificates on Windows for development purposes, and it worked great for one of my domains(I'm using hosts file to simulate dns). Then I figured that I have a lot of subdomains, and that would be a pain in the ass to create a certificate for each of them. So I tried creating a certificate using wildcard in Common field as suggested in some of the answers at serverfault. Like this:

Common Name: *.myserver.net/CN=myserver.net

However, after importing this certificate into Trusted Root Certification Authority, I'm getting NET::ERR_CERT_COMMON_NAME_INVALID error in Chrome, for main domain and all of its subodmains, for example: https://sub1.myserver.net and https://myserver.net.

This server could not prove that it is myserver.net; its security certificate is from *.myserver.net/CN=myserver.net.

This may be caused by a misconfiguration or an attacker intercepting your connection.

Is there something wrong in Common Name field that is causing this error?

解决方案

As Rahul stated, it is a common Chrome and an OSX bug. I was having similar issues in the past. In fact I finally got tired of making the 2 [yes I know it is not many] additional clicks when testing a local site for work.

As for a possible workaround to this issue [using Windows], I would using one of the many self signing certificate utilities available.

Recommended Steps:

1. Create a Self Signed Cert
2. Import Certificate into Windows Certificate Manager
3. Import Certificate in Chrome Certificate Manager
   NOTE: Step 3 will resolve the issue experienced once Google addresses the bug...considering the time in has been stale there is no ETA in the foreseeable future.**
   
   As much as I prefer to use Chrome for development, I have found myself in Firefox Developer Edition lately. which does not have this issue.
   
   Hope this helps :)

这篇关于为域和子域创建自签名证书 - NET :: ERR_CERT_COMMON_NAME_INVALID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！