openssl:在'；政策'；配置

我想为本地开发服务器提供一个自签名SSL证书。我遵循了上的指南，在最后一步中，您通过发出以下命令来发出对证书进行签名的命令：

openssl ca -in tempreq.pem -out server_crt.pem

我得到以下错误：（最后一行）

我能做些什么来解决它？作为背景，我的服务器没有域名，所以我只是使用localhost作为commanName。这就是问题所在吗

谢谢你的帮助

将策略从/etc/ssl/openssl.cnf复制到配置文件中

从头重新生成所有文件

政策部分如下所示：

策略=策略匹配 #对于CA策略 [政策匹配] countryName=匹配 stateOrProvinceName=匹配 organizationName=匹配 organizationalUnitName=可选 commonName=已提供 emailAddress=可选 #为了“任何事情”的政策 #此时，您必须列出所有可接受的“对象” #类型。 [policy_anything] countryName=可选 stateOrProvinceName=可选 LocationName=可选 organizationName=可选 organizationalUnitName=可选 commonName=已提供 emailAddress=可选

Using configuration from /home/user_name/.ssl/caconfig.cnf
Enter pass phrase for /home/user_name/.ssl/private/cakey.pem:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :PRINTABLE:'localhost'
stateOrProvinceName   :PRINTABLE:'AA'
countryName           :PRINTABLE:'ET'
emailAddress          :IA5STRING:'user@example.com'
organizationName      :PRINTABLE:'Example Inc'
organizationalUnitName:PRINTABLE:'Development'
localhost:invalid type in 'policy' configuration

policy = policy_match # For the CA policy [ policy_match ] countryName = match stateOrProvinceName = match organizationName = match organizationalUnitName = optional commonName = supplied emailAddress = optional # For the 'anything' policy # At this point in time, you must list all acceptable 'object' # types. [ policy_anything ] countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional