为域和子域创建自签名证书 - NET :: ERR_CERT_COMMON_NAME_INVALID [英] Creating self signed certificate for domain and subdomains - NET::ERR_CERT_COMMON_NAME_INVALID
问题描述
Common
字段中创建一个证书,如serverfault中的某些答案所建议的。像这样: 通用名称:* .myserver.net / CN = myserver.net
但是,将此证书导入受信任的根证书颁发机构后,我将获得 NET :: ERR_CERT_COMMON_NAME_INVALID $ c Chrome中的$ c>错误,主域及其所有子网域,例如:
https://sub1.myserver.net
和 https: //myserver.net
。
此服务器无法证明它是myserver.net;其安全证书
来自* .myserver.net / CN = myserver.net。
这可能是由于配置错误或攻击者拦截您的连接造成的。
在常见名称字段中有什么问题导致此错误?
正如Rahul所说,这是一个常见的Chrome和OSX错误。我过去有类似的问题。实际上,我终于厌倦了测试本地网站进行工作的2次[是的,我知道这不是很多]。关于这个问题的一个可能的解决方法[使用Windows],我会使用许多自签名证书实用程序可用的之一。
推荐步骤:
- 创建自签证书
- 将证书导入Windows证书管理器
- 在Chrome证书管理器中导入证书注意: strong>步骤3将解决一旦遇到的问题,Google会处理错误...考虑到在可预见的将来没有ETA的时间已经过时。我喜欢使用Chrome进行开发最近发现自己在 Firefox Developer Edition 。没有这个问题。
希望这有助于:)
I followed this tutorial for creating Signed SSL certificates on Windows for development purposes, and it worked great for one of my domains(I'm using hosts file to simulate dns). Then I figured that I have a lot of subdomains, and that would be a pain in the ass to create a certificate for each of them. So I tried creating a certificate using wildcard in Common
field as suggested in some of the answers at serverfault. Like this:
Common Name: *.myserver.net/CN=myserver.net
However, after importing this certificate into Trusted Root Certification Authority, I'm getting NET::ERR_CERT_COMMON_NAME_INVALID
error in Chrome, for main domain and all of its subodmains, for example: https://sub1.myserver.net
and https://myserver.net
.
This server could not prove that it is myserver.net; its security certificate is from *.myserver.net/CN=myserver.net.
This may be caused by a misconfiguration or an attacker intercepting your connection.
Is there something wrong in Common Name field that is causing this error?
As Rahul stated, it is a common Chrome and an OSX bug. I was having similar issues in the past. In fact I finally got tired of making the 2 [yes I know it is not many] additional clicks when testing a local site for work.
As for a possible workaround to this issue [using Windows], I would using one of the many self signing certificate utilities available.
Recommended Steps:
- Create a Self Signed Cert
- Import Certificate into Windows Certificate Manager
- Import Certificate in Chrome Certificate Manager
NOTE: Step 3 will resolve the issue experienced once Google addresses the bug...considering the time in has been stale there is no ETA in the foreseeable future.**
As much as I prefer to use Chrome for development, I have found myself in Firefox Developer Edition lately. which does not have this issue.
Hope this helps :)
这篇关于为域和子域创建自签名证书 - NET :: ERR_CERT_COMMON_NAME_INVALID的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!