我使用 OpenSSL 创建了一个 CA,并用它为我的本地主机签署证书,并在我的本地主机 preview-localhost 上创建了一个辅助 DNS 条目。我已将 CA 证书安装到我机器上的受信任的根证书中,并将我的本地主机证书添加到 IIS。当我查看签名的本地主机证书时,我看到以下错误:
已安装的 CA 证书表示它适用于其查看器上的所有颁发和应用策略。我已经包含了来自 OpenSSL 的两个证书的输出。我已将任何敏感(和一些不敏感的信息)替换为<描述文字>.
CA证书
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
<Serial Number
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=<Country>, ST=<State>, L=<Ventura>, O=<MyOrganization>,
OU=<Some Authority>, CN=<SomeAuthority>/emailAddress=<email address>
Validity
Not Before: Apr 27 16:17:41 2015 GMT
Not After : Apr 24 16:17:41 2025 GMT
Subject: C=<Country>, ST=<State>, L=<Ventura>, O=<MyOrganization>,
OU=<Some Authority>, CN=<SomeAuthority>/emailAddress=<email address>
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
<Modulus>
Exponent: <Exponent>
X509v3 extensions:
X509v3 Subject Key Identifier:
<Subject Key Identifier>
X509v3 Authority Key Identifier:
keyid:<keyid>
X509v3 Basic Constraints:
CA:TRUE
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:localhost, DNS:preview-localhost
Signature Algorithm: sha256WithRSAEncryption
<Signature>
本地主机证书
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
<Some Serial Number>
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=<Country>, ST=<State>, L=<Ventura>, O=<MyOrganization>,
OU=<Some Authority>, CN=<SomeAuthority>/emailAddress=<email address>
Validity
Not Before: Apr 27 18:09:18 2015 GMT
Not After : Apr 26 18:09:18 2016 GMT
Subject: C=<Country>, ST=<State>, L=<Ventura>, O=<MyOrganization>,
CN=localhost/emailAddress=<Email Address>
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
<Modulus>
Exponent: <Exponent>
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
<SKI>
X509v3 Authority Key Identifier:
keyid:<KEY ID>
X509v3 Subject Alternative Name:
DNS:localhost, DNS:preview-localhost
Signature Algorithm: sha256WithRSAEncryption
<Signature>
任何帮助弄清楚为什么我的本地主机证书不能遵循通往 CA 的路径的帮助将不胜感激。谢谢!
我是一名优秀的程序员,十分优秀!