我使用OpenSSL创建了一个CA,并使用它为我的localhost签署证书,并在我的localhost,preview-localhost上签署了一个辅助DNS条目。 我已将CA证书安装到我的计算机上的受信任的根证书中,并将我的localhost证书添加到IIS。 当我查看签名的localhost证书时,我看到以下错误:
已安装的CA证书表明它适用于其查看器上的所有颁发和应用程序策略。 我已经为OpenSSL的两个证书都包含了输出。 我已经用替换了任何敏感(和一些不敏感的信息)。
CA证书
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=, ST=, L=, O=,
OU=, CN=/emailAddress=
Validity
Not Before: Apr 27 16:17:41 2015 GMT
Not After : Apr 24 16:17:41 2025 GMT
Subject: C=, ST=, L=, O=,
OU=, CN=/emailAddress=
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent:
X509v3 extensions:
X509v3 Subject Key Identifier:
X509v3 Authority Key Identifier:
keyid:
X509v3 Basic Constraints:
CA:TRUE
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:localhost, DNS:preview-localhost
Signature Algorithm: sha256WithRSAEncryption
本地主机证书
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=, ST=, L=, O=,
OU=, CN=/emailAddress=
Validity
Not Before: Apr 27 18:09:18 2015 GMT
Not After : Apr 26 18:09:18 2016 GMT
Subject: C=, ST=, L=, O=,
CN=localhost/emailAddress=
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
Exponent:
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
X509v3 Authority Key Identifier:
keyid:
X509v3 Subject Alternative Name:
DNS:localhost, DNS:preview-localhost
Signature Algorithm: sha256WithRSAEncryption
任何帮助弄清楚为什么我的本地主机证书不能遵循CA的路径将非常感谢。 谢谢!