无效的自签名SSL证书 - “Subject Alternative Name Missing” [英] Invalid self signed SSL cert - "Subject Alternative Name Missing"
问题描述
最近,Chrome已停止使用我自己签署的SSL证书,并认为他们不安全。当我查看 DevTools |中的证书时安全
选项卡,我可以看到它说
Recently, Chrome has stopped working with my self signed SSL certs, and thinks they're insecure. When I look at the cert in the DevTools | Security
tab, I can see that it says
使用者备用名称丢失此站点的证书使用
不包含包含域名
名称或IP地址的主题备用名称扩展名。
Subject Alternative Name Missing The certificate for this site does not contain a Subject Alternative Name extension containing a domain name or IP address.
证书错误网站的证书链存在问题
(net :: ERR_CERT_COMMON_NAME_INVALID)。
Certificate Error There are issues with the site's certificate chain (net::ERR_CERT_COMMON_NAME_INVALID).
我该如何解决这个问题?
How can I fix this?
推荐答案
为了解决这个问题,当你创建证书时,你需要为 openssl
提供一个额外的参数,基本上
To fix this, you need to supply an extra parameter to openssl
when you're creating the cert, basically
-sha256 -extfile v3.ext
其中 v3.ext
是一个像这样的文件,其中 %% DOMAIN %%
替换为与<$ c相同的名称$ c>通用名称。更多信息此处和在这里。请注意,通常您会将通用名称
和 %% DOMAIN %%
设置为您尝试访问的域为...生成证书。因此,如果它是 www.mysupersite.com
,那么您就可以同时使用它们。
where v3.ext
is a file like so, with %%DOMAIN%%
replaced with the same name you use as your Common Name
. More info here and over here. Note that typically you'd set the Common Name
and %%DOMAIN%%
to the domain you're trying to generate a cert for. So if it was www.mysupersite.com
, then you'd use that for both.
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = %%DOMAIN%%
注意:解决此问题的脚本,以及创建完全可信的ssl证书以用于Chrome ,Safari和Java客户端可以在这里找到
另一个说明 重试要做的是停止浏览器在查看自签名证书时抛出错误,您可以通过使用特殊的命令行选项详见这里超级用户
这篇关于无效的自签名SSL证书 - “Subject Alternative Name Missing”的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!