我正在尝试创建自签名证书,但失败了。我想要实现的是在我的手机上测试带有 webworker 的网页,为此我确实需要 https。但目前我正尝试在我的电脑上本地运行它。
我在 Windows 上使用 openssl(我使用来自 here 的 v1.1.0 精简版)。
我正在我的机器上安装 CA 证书,我正在使用提供证书和 key 的浏览器同步 https 选项为页面提供服务。
我得到的错误是 NET::ERR_CERT_INVALID。什么可能是无效的部分?
我正在运行的命令:
openssl genrsa -des3 -out CA.key 2048
openssl req -x509 -new -nodes -key CA.key -sha256 -days 182 -out CA.pem -config ca.cfg
openssl x509 -outform der -in CA.pem -out CA.crt
openssl genrsa -out dev.key 2048
openssl req -new -key dev.key -out dev.csr -config dev.cfg
openssl x509 -req -in dev.csr -CA CA.pem -CAkey CA.key -CAcreateserial -out dev.crt -days 1825 -sha256 -extfile dev.ext
openssl pkcs12 -export -in dev.crt -inkey dev.key -out dev.p12
CA.cfg:
[ req ]
default_bits = 2048
default_keyfile = server-key.pem
distinguished_name = subject
req_extensions = req_ext
x509_extensions = x509_ext
string_mask = utf8only
[ subject ]
countryName = Country Name (2 letter code)
countryName_default = PL
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = PL
localityName = Locality Name (eg, city)
localityName_default = PL
organizationName = Organization Name (eg, company)
organizationName_default = Example Organization
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = Example Division
emailAddress = Email Address
emailAddress_default = test@example.com
[ x509_ext ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
[ req_ext ]
subjectKeyIdentifier = hash
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
[ alternate_names ]
DNS.1 = 192.168.0.17
开发配置文件
[ req ]
default_bits = 2048
default_keyfile = server-key.pem
distinguished_name = subject
req_extensions = req_ext
x509_extensions = x509_ext
string_mask = utf8only
[ subject ]
countryName = Country Name (2 letter code)
countryName_default = PL
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = PL
localityName = Locality Name (eg, city)
localityName_default = PL
organizationName = Organization Name (eg, company)
organizationName_default = Example Organization
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = Example Division
emailAddress = Email Address
emailAddress_default = test@example.com
[ x509_ext ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
[ req_ext ]
subjectKeyIdentifier = hash
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
[ alternate_names ]
DNS.1 = 192.168.0.17
dev.ext:
authorityKeyIdentifier=keyid,issuer
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = 192.168.0.17
最佳答案
看来我已经对快速发布这个问题失去了希望。 我找到了 this工作解决方案。
同时提供 dns(本地主机)和 ip(例如 192.168.0.17)可在 Windows 机器上运行。
关于javascript - 无效的自签名证书,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/46743472/