Openssl用途无效
当Openssl生成无效的\u时,会查看哪些证书字段 我正在使用OpenSSL生成证书Openssl用途无效,openssl,Openssl,当Openssl生成无效的\u时,会查看哪些证书字段 我正在使用OpenSSL生成证书 首先生成主证书,然后生成客户端证书。现在,当我尝试连接服务器时,它会生成无效的目的 有一个扩展名keyausage,它指定了可以对证书执行的操作。请注意,某些程序未使用此字段 从X509文档: X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose the supplied certificate cannot be used for t
首先生成主证书,然后生成客户端证书。现在,当我尝试连接服务器时,它会生成无效的目的 有一个扩展名
keyausage
,它指定了可以对证书执行的操作。请注意,某些程序未使用此字段
从X509文档:
X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose
the supplied certificate cannot be used for the specified purpose.
手册页列出了参数和另一个名为extendedKeyUsage
的参数的可能值:
Key Usage.
Key usage is a multi valued extension consisting of a list of names of
the permitted key usages.
The supporte names are: digitalSignature, nonRepudiation,
keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign,
encipherOnly and decipherOnly.
Examples:
keyUsage=digitalSignature, nonRepudiation
keyUsage=critical, keyCertSign
Extended Key Usage.
This extensions consists of a list of usages indicating purposes for
which the certificate public key can be used for,
These can either be object short names of the dotted numerical form of
OIDs. While any OID can be used only certain values make sense. In
particular the following PKIX, NS and MS values are meaningful:
Value Meaning
----- -------
serverAuth SSL/TLS Web Server Authentication.
clientAuth SSL/TLS Web Client Authentication.
codeSigning Code signing.
emailProtection E-mail Protection (S/MIME).
timeStamping Trusted Timestamping
msCodeInd Microsoft Individual Code Signing (authenticode)
msCodeCom Microsoft Commercial Code Signing (authenticode)
msCTLSign Microsoft Trust List Signing
msSGC Microsoft Server Gated Crypto
msEFS Microsoft Encrypted File System
nsSGC Netscape Server Gated Crypto
Examples:
extendedKeyUsage=critical,codeSigning,1.2.3.4
extendedKeyUsage=nsSGC,msSGC
在螺母和螺栓级别,您使用的openssl.cnf值可能还有其他用途,比如电子邮件。这就是为什么它们对于您尝试建立的服务器连接无效
检查您的openssl.cnf内容,并查看openssl源中提供的示例,以了解可能与连接到传统web浏览器的stock TLS web服务器一起工作的内容。指向X.509配置手册页的链接已断开。更新的链接是:。为了防止链接再次中断,请进入OpenSSL站点,并按以下方式导航:文档>>手册页面>>主控>>文件格式