
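I have two servers on my local network that should communicate with each other over HTTPS. I am very new to the topic of SSL certificates, but I found this gist helpful: https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309

It asks me to create a root CA first and then sign my SSL certificate. But since I am working in a local network, the servers have no DNS, only an IP address. This can be solved by adding a Subject Alternative Name to the certificate, which works very well for my signing request.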

openssl req -in 192.168.178.83.csr -noout -text

returns:

Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: C = DE, ST = Brem, L = Brem, O = Self-signed certificate, CN = 192.168.178.83: Self-signed certificate
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:5e:b7:ba:b2:1c:4d:21:9e:a9:d0:e8:3f:80:
                    b8:d7:0d:f7:d5:bc:bf:d7:e6:7a:47:84:c7:2b:1d:
                    7d:39:47:99:36:a0:19:10:81:d9:74:5a:91:fe:0b:
                    a3:90:fb:0d:4d:e1:d4:6d:52:4a:ec:8b:a3:4d:7a:
                    8c:2d:0a:96:84:54:ea:21:14:60:23:0a:18:58:27:
                    9a:ba:e1:7d:84:3f:62:58:1f:e6:77:19:02:9d:df:
                    ed:07:93:90:2f:f2:a8:0f:25:16:06:fb:b9:16:cb:
                    a8:20:06:25:4d:80:42:ce:5d:7a:77:d9:12:6f:00:
                    cb:04:bd:0a:32:ab:72:92:d9:8d:88:06:d7:75:e5:
                    d1:ef:07:f4:2f:8b:81:3f:60:8a:1a:fd:b4:fc:e8:
                    12:be:09:df:91:94:80:e3:e2:f7:9b:d5:f4:6d:51:
                    2c:b3:fa:97:76:33:17:a9:f0:0f:4d:10:b1:dc:26:
                    96:c0:b6:18:15:98:39:55:61:c9:ab:1b:d7:7e:ff:
                    ee:23:15:dd:92:eb:25:4e:38:b2:17:0e:53:38:ff:
                    23:25:52:ae:c8:76:04:81:0a:7c:59:e9:93:43:b3:
                    b3:a7:1f:46:4c:4a:ea:2b:9a:10:a5:94:8b:4e:09:
                    fc:a2:a5:1e:74:9c:57:1d:d5:47:6d:a0:03:b6:e4:
                    39:f1
                Exponent: 65537 (0x10001)
        Attributes:
        Requested Extensions:
            X509v3 Subject Alternative Name: 
                IP Address:192.168.178.83
    Signature Algorithm: sha256WithRSAEncryption
         59:ee:67:df:dc:21:0e:5a:eb:74:48:bd:e1:b2:4a:65:7e:12:
         a4:42:77:0b:11:45:d7:f6:f5:f7:07:fa:a5:6c:0b:11:16:fa:
         6f:41:0d:a3:4e:56:86:b6:c2:42:8d:b7:c2:50:94:1e:6f:61:
         cf:48:8d:0f:4f:3a:85:18:00:da:7f:62:85:b3:2f:4f:23:25:
         6e:eb:5f:83:32:a4:de:d1:5c:4e:fe:31:17:c6:1c:c5:4a:ed:
         d9:ee:4a:13:bf:45:0c:d8:1c:64:59:51:4b:95:ec:62:63:58:
         b6:d3:0a:b3:dd:1f:ea:d8:1d:0d:a7:45:6c:9e:a4:69:d7:f3:
         69:ac:bb:62:14:84:8e:43:34:1f:7b:8f:2f:8d:01:67:8b:1e:
         80:7e:35:59:b0:95:82:82:c6:f4:56:40:e3:b5:b8:63:c9:84:
         0a:ab:ec:b7:ed:da:56:bc:e1:50:61:ad:8b:e5:52:9f:d0:5d:
         dd:74:67:de:d3:b0:be:b3:1f:35:51:e8:6b:ac:d2:84:ef:a8:
         35:dd:70:0e:32:f2:a1:1f:4a:be:39:a9:60:06:8a:3c:f0:05:
         71:50:ed:85:41:31:f5:4c:df:71:8e:8e:22:08:ad:fd:55:89:
         05:a4:53:44:d5:01:1f:d3:56:a2:b0:bc:7b:c9:e9:01:ea:ad:
         3d:fb:95:52

But when I sign it according to the gist mentioned above, openssl req -in mydomain.com.csr -noout -text returns:

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            32:67:42:b9:db:c2:23:23:89:de:d1:5a:51:ff:6a:64:76:9e:89:36
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = DE, ST = Bremen, L = Bremen, O = Root-CA by Jere, OU = Kellerserver, CN = bla, emailAddress = blug@asdlfj.de
        Validity
            Not Before: Sep 21 17:16:12 2021 GMT
            Not After : Feb  3 17:16:12 2023 GMT
        Subject: C = DE, ST = Brem, L = Brem, O = Self-signed certificate, CN = 192.168.178.83: Self-signed certificate
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:5e:b7:ba:b2:1c:4d:21:9e:a9:d0:e8:3f:80:
                    b8:d7:0d:f7:d5:bc:bf:d7:e6:7a:47:84:c7:2b:1d:
                    7d:39:47:99:36:a0:19:10:81:d9:74:5a:91:fe:0b:
                    a3:90:fb:0d:4d:e1:d4:6d:52:4a:ec:8b:a3:4d:7a:
                    8c:2d:0a:96:84:54:ea:21:14:60:23:0a:18:58:27:
                    9a:ba:e1:7d:84:3f:62:58:1f:e6:77:19:02:9d:df:
                    ed:07:93:90:2f:f2:a8:0f:25:16:06:fb:b9:16:cb:
                    a8:20:06:25:4d:80:42:ce:5d:7a:77:d9:12:6f:00:
                    cb:04:bd:0a:32:ab:72:92:d9:8d:88:06:d7:75:e5:
                    d1:ef:07:f4:2f:8b:81:3f:60:8a:1a:fd:b4:fc:e8:
                    12:be:09:df:91:94:80:e3:e2:f7:9b:d5:f4:6d:51:
                    2c:b3:fa:97:76:33:17:a9:f0:0f:4d:10:b1:dc:26:
                    96:c0:b6:18:15:98:39:55:61:c9:ab:1b:d7:7e:ff:
                    ee:23:15:dd:92:eb:25:4e:38:b2:17:0e:53:38:ff:
                    23:25:52:ae:c8:76:04:81:0a:7c:59:e9:93:43:b3:
                    b3:a7:1f:46:4c:4a:ea:2b:9a:10:a5:94:8b:4e:09:
                    fc:a2:a5:1e:74:9c:57:1d:d5:47:6d:a0:03:b6:e4:
                    39:f1
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
         3b:2a:19:49:04:78:8f:bf:d9:39:d2:ca:16:64:38:40:0a:7b:
         93:ef:07:1f:e8:ea:e6:b8:1b:7e:89:09:6c:75:e5:da:2a:0a:
         79:41:26:5d:5d:e4:6f:e6:5a:87:66:65:39:a6:60:9a:31:92:
         dc:c9:25:b3:5f:5d:cb:49:b0:be:c5:ad:d4:ec:89:f5:de:af:
         42:ca:46:e2:1d:f3:52:b5:f9:b7:48:ff:89:92:8a:28:ad:98:
         78:61:10:a8:f0:3b:ca:42:6d:7b:2c:47:3f:78:72:04:26:a6:
         48:bd:b2:b3:ce:5d:e5:60:b5:0a:99:6f:6e:a5:17:87:f3:cd:
         d3:ba:3e:de:87:f0:01:f6:0a:b2:a9:3c:d7:95:4b:b0:fd:80:
         da:a3:5b:d3:7a:bd:d8:32:0e:7d:59:1a:d3:49:fd:cc:4b:e0:
         03:17:40:32:8d:30:30:ef:37:da:ea:f0:19:88:a7:1a:2a:8f:
         f7:c0:9a:34:53:8b:e7:9a:15:e0:5c:01:b4:0a:f1:a5:f2:7f:
         8c:38:62:43:92:c7:39:a7:e3:0a:e6:f7:9a:2f:a9:60:8d:cc:
         cc:e5:77:f9:ab:d9:03:52:64:15:11:b2:6f:d9:25:8b:50:1f:
         48:ba:61:35:19:68:af:c2:37:ab:d1:d8:3d:ac:01:40:ab:37:
         2d:12:b2:22:8c:dc:6a:c9:83:d4:d3:fb:47:e0:49:ca:f9:99:
         14:ad:26:c5:54:68:fa:9c:94:d7:cd:a6:6b:01:f8:08:ee:5e:
         b4:4e:ba:97:4a:19:07:13:2b:1b:3d:e0:e1:7f:6a:24:35:d8:
         c1:46:a2:1a:15:a8:3c:86:8d:7e:f5:a1:6e:c9:72:f9:17:22:
         8e:1f:13:a8:2f:ab:29:e4:7a:5d:a7:15:ef:58:fd:07:ec:d1:
         47:58:7c:de:52:35:75:66:61:36:63:40:14:c0:6d:04:1b:2d:
         c3:bb:18:97:df:ed:ed:f1:74:89:e0:b7:5f:63:f1:67:88:b5:
         db:d4:04:e7:d9:ee:14:b3:71:bd:b8:25:a0:2b:87:f7:5c:d9:
         58:3b:03:55:75:a4:53:33:99:66:a7:ab:ea:b7:f1:17:82:23:
         6e:6c:df:95:fe:1d:16:2a:35:e0:96:7a:cd:9b:55:f7:da:f5:
         a5:e0:55:26:16:58:29:80:e9:e0:a5:07:fd:e4:07:e1:d7:43:
         ca:f6:7b:d7:53:ec:d6:d4:b2:b3:4e:75:8e:39:61:75:1a:75:
         a0:d8:46:51:07:46:ca:7b:aa:44:b1:17:89:9d:64:21:61:a7:
         c5:f0:18:eb:2c:61:61:7a:de:49:7d:c0:b0:6d:3f:89:c9:83:
         5c:14:14:a8:0d:a8:8b:2f

My SAN extension seems to be gone!

I am using an Ubuntu machine.
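An added example, not part of the original question or the linked gist: `openssl x509 -req` does not copy the extensions requested in a CSR into the certificate it issues, so the SAN has to be supplied again at signing time with `-extfile`. The script below signs one CSR both ways and reports whether the IP SAN is present; it assumes the signing step was `openssl x509 -req` without `-extfile`, and all file names and the CA subject are constructed for the demo.

```shell
# Added example. File names and the CA subject are constructed for the demo;
# the IP address is the one from the question.
IP="192.168.178.83"

# Succeeds if certificate file $1 carries the expected IP SAN.
has_ip_san() {
    openssl x509 -in "$1" -noout -text | grep -q "IP Address:$IP"
}

# Sign the same CSR twice and report whether the SAN survived each time.
san_demo() {
    d=$(mktemp -d) || return 1
    # One config for both the demo CA and the CSR.
    cat > "$d/demo.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $IP
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_req]
subjectAltName = IP:$IP
EOF
    # Extensions the CA will actually write into the certificate.
    echo "subjectAltName = IP:$IP" > "$d/san.ext"

    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/demo.cnf" \
        -subj "/CN=Demo Root CA" -extensions v3_ca \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
        -reqexts v3_req -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null

    # 1) No -extfile: the SAN requested in the CSR is not copied.
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -sha256 -out "$d/plain.crt" 2>/dev/null
    # 2) Same command plus -extfile: the SAN comes from san.ext.
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -sha256 -extfile "$d/san.ext" \
        -out "$d/fixed.crt" 2>/dev/null

    has_ip_san "$d/plain.crt" && p=present || p=missing
    has_ip_san "$d/fixed.crt" && f=present || f=missing
    rm -rf "$d"
    echo "plain=$p fixed=$f"
}

san_demo
```

On OpenSSL 3.0 and later, `-copy_extensions copy` is an alternative to `-extfile`. It accepts whatever extensions the requester put in the CSR, so a CA that signs requests from other parties should set the extensions itself as above.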
