SSL自签名证书上的Chrome(net :: ERR_CERT_COMMON_NAME_INVALID)错误
Art*_*san 7 google-chrome ssl-certificate node.js express
我使用自签名证书尝试建立一个网站在localhost Express.js在Windows 10.下面是Express.js服务器代码.
index.js
const https = require('https')
const express = require('express')
const app = express()
const fs = require('fs')
const path = require('path')
const httpsOptions = {
cert: fs.readFileSync(path.resolve(__dirname, 'ssl', 'ca.crt')),
key: fs.readFileSync(path.resolve(__dirname, 'ssl', 'ca.key'))
}
const router = require('./router')
app.use('/people', router)
https.createServer(httpsOptions, app)
.listen(3443)
我还将证书颁发机构ca.crt文件导入chrome,然后重新启动chrome.但我仍然在chrome上有错误,如下所示:
请指导如何解决这个问题谢谢
我使用以下命令创建了密钥和证书.
# certificate authority key
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out ca.key
# server key
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out server.key
# certificate authority
openssl req -new -x509 -days 365 -key ca.key -subj "/CN=Test CA/O=Test Organization" -out ca.crt
# certificate signing request
openssl req -new -key server.key -subj "/CN=localhost/O=Test Organization" -out server.csr
# server certificate
openssl x509 -days 365 -req -in server.csr -CAcreateserial -CA ca.crt -CAkey ca.key -out server.crt
# verification
openssl verify -verbose -CAfile ca.crt server.crt
系统信息
- OpenSSL:1.1.0e 2017年2月16日
- 节点:7.7.1
- Windows 10
花了几个小时试图解决这个问题.以下方式对我有用:
创建配置文件(例如req.cnf)
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = VA
L = SomeCity
O = MyCompany
OU = MyDivision
CN = local.com
[v3_req]
keyUsage = critical, digitalSignature, keyAgreement
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = local.com
IP.1 = 127.0.0.1
然后生成证书和私钥
openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout local.com.key -out local.com.cert -config req.cnf -sha256
- 在Windows Server中测试时,此解决方案对我不起作用。在Chrome ERR_CERT_INVALID_COMMON_NAME中仍然出现相同的错误 (2认同)
| 归档时间: |
|
| 查看次数: |
9902 次 |
| 最近记录: |