javascript - 无效的自签名证书

Question

我正在尝试创建自签名证书，但失败了。我想要实现的是在我的手机上测试带有 webworker 的网页，为此我确实需要 https。但目前我正尝试在我的电脑上本地运行它。

我在 Windows 上使用 openssl(我使用来自 here 的 v1.1.0 精简版)。

我正在我的机器上安装 CA 证书，我正在使用提供证书和 key 的浏览器同步 https 选项为页面提供服务。

我得到的错误是 NET::ERR_CERT_INVALID。什么可能是无效的部分？

我正在运行的命令:

openssl genrsa -des3 -out CA.key 2048
openssl req -x509 -new -nodes -key CA.key -sha256 -days 182 -out CA.pem -config ca.cfg
openssl x509 -outform der -in CA.pem -out CA.crt
openssl genrsa -out dev.key 2048
openssl req -new -key dev.key -out dev.csr -config dev.cfg
openssl x509 -req -in dev.csr -CA CA.pem -CAkey CA.key -CAcreateserial -out dev.crt -days 1825 -sha256 -extfile dev.ext
openssl pkcs12 -export -in dev.crt -inkey dev.key -out dev.p12

CA.cfg:

[ req ]

default_bits        = 2048
default_keyfile     = server-key.pem
distinguished_name  = subject
req_extensions      = req_ext
x509_extensions     = x509_ext
string_mask         = utf8only

[ subject ]

countryName                 = Country Name (2 letter code)
countryName_default         = PL

stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = PL

localityName                = Locality Name (eg, city)
localityName_default        = PL

organizationName            = Organization Name (eg, company)
organizationName_default    = Example Organization

commonName                  = Common Name (e.g. server FQDN or YOUR name)
commonName_default          = Example Division

emailAddress                = Email Address
emailAddress_default        = test@example.com

[ x509_ext ]

subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid,issuer

keyUsage               = digitalSignature, keyEncipherment
subjectAltName         = @alternate_names

[ req_ext ]

subjectKeyIdentifier = hash

keyUsage             = digitalSignature, keyEncipherment
subjectAltName       = @alternate_names

[ alternate_names ]

DNS.1       = 192.168.0.17

开发配置文件

[ req ]

default_bits        = 2048
default_keyfile     = server-key.pem
distinguished_name  = subject
req_extensions      = req_ext
x509_extensions     = x509_ext
string_mask         = utf8only

[ subject ]

countryName                 = Country Name (2 letter code)
countryName_default         = PL

stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = PL

localityName                = Locality Name (eg, city)
localityName_default        = PL

organizationName            = Organization Name (eg, company)
organizationName_default    = Example Organization

commonName                  = Common Name (e.g. server FQDN or YOUR name)
commonName_default          = Example Division

emailAddress                = Email Address
emailAddress_default        = test@example.com

[ x509_ext ]

subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid,issuer

keyUsage               = digitalSignature, keyEncipherment
subjectAltName         = @alternate_names

[ req_ext ]

subjectKeyIdentifier = hash

keyUsage             = digitalSignature, keyEncipherment
subjectAltName       = @alternate_names

[ alternate_names ]

DNS.1       = 192.168.0.17

dev.ext:

authorityKeyIdentifier=keyid,issuer
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = 192.168.0.17

Answer 1

看来我已经对快速发布这个问题失去了希望。 我找到了 this工作解决方案。

同时提供 dns(本地主机)和 ip(例如 192.168.0.17)可在 Windows 机器上运行。