signature=bc726974a5f6fc86360ad26673aa0949,ssl - openssl Verify return code 7 (certificate signature...

最新推荐文章于 2022-08-29 09:41:21 发布
最新推荐文章于 2022-08-29 09:41:21 发布
阅读量1.1w 收藏
点赞数
文章标签: signature=bc726974a5f6fc86360ad26673aa0949

I have created my own CA and an Intermediate CA

The Intermediate CA is signed from the self-signed CA and then I create a private key and a certificate for the web sites I have in my lab. The certificate has as common name the FQDN of the server (which is the same as the CA/IntCA).

The certificate has all the sites in the Subject Alternative Names.

Apache is configured like this for all sites:

# HTTP

ServerName trd.example.com

# Redirect any HTTP request to HTTPS

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]

# Logging

LogLevel warn

ErrorLog logs/trd.example.com-error_log

CustomLog logs/trd.example.com-access_log combined

ServerName trd.example.com

SSLEngine on

SSLCertificateKeyFile /etc/pki/tls/private/server.example.com_key.pem

SSLCertificateFile /etc/pki/tls/certs/server.example.com_chain.pem

Protocols h2 http/1.1

Header always set Strict-Transport-Security "max-age=63072000"

SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

DocumentRoot /var/www/sites/trd

# Logging

LogLevel warn

ErrorLog logs/trd.example.com-error_log

CustomLog logs/trd.example.com-access_log combined

The file server.example.com_chain.pem contains the site's certificate and the Intermediate's CA certificate. Apache starts, but then, when I connect to any site either with Firefox or Chrome, I get SSL errors.

I tried to verify the ssl with the openssl command and I get this error:

Verify return code: 7 (certificate signature failure)

The full output of the command is:

$ openssl s_client -connect trd.example.com:443

openssl s_client -connect trd.example.com:443

CONNECTED(00000003)

depth=2 C = UN, ST = Locality, L = City, O = MyCompany LTD, OU = IT, CN = myCA, emailAddress = hostmaster@example.com

verify return:1

depth=1 C = UN, ST = Locality, L = City, O = MyCompany LTD, OU = IT, CN = myCA1, emailAddress = hostmaster@example.com

verify return:1

depth=0 C = UN, ST = Locality, L = City, O = MyCompany LTD, OU = IT, CN = server.example.com, emailAddress = hostmaster@example.com

verify error:num=7:certificate signature failure

verify return:1

depth=0 C = UN, ST = Locality, L = City, O = MyCompany LTD, OU = IT, CN = server.example.com, emailAddress = hostmaster@example.com

verify return:1

---

Certificate chain

0 s:C = UN, ST = Locality, L = City, O = MyCompany LTD, OU = IT, CN = server.example.com, emailAddress = hostmaster@example.com

i:C = UN, ST = Locality, L = City, O = MyCompany LTD, OU = IT, CN = myCA1, emailAddress = hostmaster@example.com

1 s:C = UN, ST = Locality, L = City, O = MyCompany LTD, OU = IT, CN = myCA1, emailAddress = hostmaster@example.com

i:C = UN, ST = Locality, L = City, O = MyCompany LTD, OU = IT, CN = myCA, emailAddress = hostmaster@example.com

---

Server certificate

-----BEGIN CERTIFICATE-----

MIIEuzCCBB2gAwIBAgIUXaYFIVHY33EeSst3A22ExUzKjf8wCgYIKoZIzj0EAwIw

....

MQhgl8SAmayZK81mLpvO7SoUEjOUYyKzht08qjSJACDwGhFL5YuXydWcuTDPN+tv

CzYVuHq/HJcX8zocGzhz

-----END CERTIFICATE-----

subject=C = UN, ST = Locality, L = City, O = MyCompany LTD, OU = IT, CN = server.example.com, emailAddress = hostmaster@example.com

issuer=C = UN, ST = Locality, L = City, O = MyCompany LTD, OU = IT, CN = myCA1, emailAddress = hostmaster@example.com

---

No client certificate CA names sent

Peer signing digest: SHA256

Peer signature type: RSA-PSS

Server Temp Key: X25519, 253 bits

---

SSL handshake has read 3566 bytes and written 396 bytes

Verification error: certificate signature failure

---

New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384

Server public key is 4096 bit

Secure Renegotiation IS NOT supported

Compression: NONE

Expansion: NONE

No ALPN negotiated

Early data was not sent

Verify return code: 7 (certificate signature failure)

---

---

Post-Handshake New Session Ticket arrived:

SSL-Session:

Protocol : TLSv1.3

Cipher : TLS_AES_256_GCM_SHA384

Session-ID: 6999AE5E768A5068199C8AEC33395E11CAA6CD9A9AA00952C4EDED9FB14A6DCA

Session-ID-ctx:

Resumption PSK: F09B2927E48D9934395D9FB1364D70DE798EF30694687B0918B4517F8BD2B83E70FDA60640C9165FAF19EE81DAD97C03

PSK identity: None

PSK identity hint: None

SRP username: None

TLS session ticket lifetime hint: 300 (seconds)

TLS session ticket:

0000 - 27 c8 f4 bd 54 77 e3 70-9a 22 1e 9a 85 c6 07 92 '...Tw.p."......

0010 - 61 0c f4 33 53 aa 62 ba-ff fe a9 84 3f c6 35 32 a..3S.b.....?.52

0020 - 1b 70 e8 5e 67 ad 82 b0-70 a4 da 20 ae 18 8e ef .p.^g...p.. ....

0030 - bf b1 cf f6 1b ea 1d 4d-9e eb 8d 9f 80 ee 66 93 .......M......f.

0040 - a7 5e 53 54 a9 89 6e 5a-59 62 cc ac d6 90 91 1e .^ST..nZYb......

0050 - 3f db 75 f0 5c f9 72 3c-a3 8b c9 77 16 9f bf 4d ?.u.\.r<...w...m>

0060 - ae 65 5a 5e 05 ae 84 45-8b 48 f7 a8 99 08 c1 c0 .eZ^...E.H......

0070 - d0 66 3f 54 c6 1f ca e3-1d a6 50 22 ab 92 80 c8 .f?T......P"....

0080 - 7f f5 be 6a 4d 4d 0a 7a-e6 82 6d e0 e6 72 32 e2 ...jMM.z..m..r2.

0090 - d4 ab e2 2a ea cb 00 83-c7 51 de 7c c3 52 1a 5e ...*.....Q.|.R.^

00a0 - 94 3e 38 81 cb 05 27 6e-0a f0 5d 32 27 ea 5f c4 .>8...'n..]2'._.

00b0 - 50 de b0 12 69 6a 3b 4f-ae cc 85 64 a2 93 1a b0 P...ij;O...d....

00c0 - 7d 60 04 6c a3 4b 3c de-7c 08 04 b1 8b 1f 53 d4 }`.l.K<.>

00d0 - 1e db 57 ca 08 f8 0c 8a-45 84 fe a7 f4 eb 88 2c ..W.....E......,

00e0 - 90 f5 96 f1 6a c4 54 eb-16 54 86 6c 9f bc b8 52 ....j.T..T.l...R

Start Time: 1585135481

Timeout : 7200 (sec)

Verify return code: 7 (certificate signature failure)

Extended master secret: no

Max Early Data: 0

---

read R BLOCK

---

Post-Handshake New Session Ticket arrived:

SSL-Session:

Protocol : TLSv1.3

Cipher : TLS_AES_256_GCM_SHA384

Session-ID: 844AB89D046A9564B4F71DE1689D63E295D796AA3DB3C97360A276216A711052

Session-ID-ctx:

Resumption PSK: 10DBA6252AECC4DC7A9567DA8CDA7C4B6695E0788D33533F155726628A8CBE9DC361A977473759402A9E2D2EA15698A7

PSK identity: None

PSK identity hint: None

SRP username: None

TLS session ticket lifetime hint: 300 (seconds)

TLS session ticket:

0000 - 27 c8 f4 bd 54 77 e3 70-9a 22 1e 9a 85 c6 07 92 '...Tw.p."......

0010 - 7b f3 f1 29 8d 79 74 0f-43 bc f1 40 70 16 52 99 {..).yt.C..@p.R.

0020 - 78 6f e8 14 bc 4b 34 f8-7f 03 1c 26 70 6f d9 94 xo...K4....&po..

0030 - 92 e7 b4 b2 19 68 37 95-1e ab fa 42 ea ee de 4c .....h7....B...L

0040 - 45 da 86 c5 db 30 1a 60-91 85 d5 9e 05 0b e4 5f E....0.`......._

0050 - 5e eb c8 b8 94 f5 e0 a5-01 1c 60 cc 7c a0 bc 70 ^.........`.|..p

0060 - 10 55 c7 48 1c 2a 2b 57-06 ad dc b9 c1 56 e7 34 .U.H.*+W.....V.4

0070 - 4b bd 59 67 ad f0 d7 55-a3 07 26 10 7f c5 4f 87 K.Yg...U..&...O.

0080 - 96 7f 43 bf 8c 1b f5 84-37 f5 47 99 c7 8e a4 29 ..C.....7.G....)

0090 - 9f b6 43 79 43 27 04 33-7c 5d 2a ef cf 2c 15 1d ..CyC'.3|]*..,..

00a0 - 14 d0 a3 a1 4b ef c2 a2-02 c5 4c 75 74 08 d5 cf ....K.....Lut...

00b0 - 47 cc 02 fb a3 c2 e0 d8-87 ad e1 3b c6 f4 d6 aa G..........;....

00c0 - e6 cb a1 a8 6c e9 c9 e8-56 0a bf d4 3e fa 08 a0 ....l...V...>...

00d0 - 26 02 82 36 33 71 db 9f-bf ce b8 8f d7 ef 75 b3 &..63q........u.

00e0 - fb d1 38 56 81 b0 ed f6-c6 35 66 e3 87 bd 68 d9 ..8V.....5f...h.

Start Time: 1585135481

Timeout : 7200 (sec)

Verify return code: 7 (certificate signature failure)

Extended master secret: no

Max Early Data: 0

---

read R BLOCK

This is my chain certificate:

openssl x509 -text -noout -subject -in /etc/pki/tls/certs/server.example.com_chain.pem

Certificate:

Data:

Version: 3 (0x2)

Serial Number:

5d:a6:05:21:51:d8:df:71:1e:4a:cb:77:03:6d:84:c5:4c:ca:8d:ff

Signature Algorithm: ecdsa-with-SHA256

Issuer: C = UN, ST = Locality, L = City, O = MyCompany LTD, OU = IT, CN = myCA1, emailAddress = hostmaster@example.com

Validity

Not Before: Mar 24 16:42:09 2020 GMT

Not After : Jan 15 11:00:00 2030 GMT

Subject: C = UN, ST = Locality, L = City, O = MyCompany LTD, OU = IT, CN = server.example.com, emailAddress = hostmaster@example.com

Subject Public Key Info:

Public Key Algorithm: rsaEncryption

RSA Public-Key: (4096 bit)

Modulus:

00:eb:a7:c3:a0:23:d6:7a:ac:fb:4c:70:e1:cf:b9:

f2:4d:ff:d8:ed:9d:40:cb:e4:68:67:b0:02:d2:25:

03:15:37:18:31:e0:90:7f:2c:ff:dd:ef:da:64:9d:

e8:86:48:b3:75:9b:a7:8e:b2:70:e2:fb:d0:c3:b3:

74:42:52:57:65:35:db:0e:4f:57:57:a6:3c:ee:7b:

33:7d:1d:0e:25:e0:4a:eb:26:0c:f3:2b:04:23:c5:

6c:c0:95:0b:06:61:33:7d:ca:be:c3:b9:fa:f0:b2:

01:eb:9d:55:8d:cb:1f:3c:96:78:6a:8b:9e:66:9c:

26:6b:fa:8a:d9:2a:2c:3a:bf:73:97:78:4b:a8:6f:

41:7f:0a:f0:4a:63:e5:92:ca:f8:f8:7b:cf:0c:b2:

f3:7c:4d:ca:75:ed:0a:b2:99:f0:75:e0:7c:9f:e7:

b5:53:9a:08:3d:71:5d:f6:39:91:85:1e:47:04:0f:

5a:a2:26:b5:5f:4e:2d:d9:95:3b:32:88:b8:f4:54:

5e:1e:64:11:cd:cb:3c:17:4d:d3:a5:c7:bb:88:1c:

01:db:43:ee:b8:16:f8:95:c8:37:96:de:c1:3e:cd:

a9:f9:7c:f6:94:fb:a6:6d:67:9d:69:24:0b:0e:43:

b2:94:6d:54:61:04:41:c3:e9:ed:0f:80:e8:3b:69:

ca:f2:76:39:7b:f6:6c:48:4c:94:0a:cc:57:50:14:

1e:c7:7f:c7:b5:98:e7:50:a7:ea:f8:9b:73:ad:77:

be:ab:2d:7b:e6:c3:e8:2b:8a:bd:3b:26:b3:7b:a0:

4f:90:96:6e:92:50:d5:8c:a0:5a:c8:2e:9f:82:52:

35:82:f5:5d:0e:e8:fb:89:f2:b3:ef:85:ae:ae:fe:

ea:52:75:2e:dd:ad:a5:a2:ff:2d:22:df:8c:50:39:

f6:d1:30:8b:73:c9:a5:da:d6:28:96:db:9b:55:d7:

bd:30:fc:ec:3e:3c:10:94:9f:05:39:63:1c:2d:37:

56:d5:33:ed:cc:5d:d6:0c:df:57:2b:9c:07:35:8e:

20:74:9f:53:09:08:32:26:a8:11:e8:6e:98:d4:a3:

b9:4a:40:28:5b:e0:9d:41:2a:07:bc:cd:fb:2a:6c:

fb:cd:55:c8:fa:a9:7b:68:76:bb:79:58:30:96:97:

c1:db:b3:fe:b6:05:94:bf:a7:49:03:9f:e8:fe:b0:

88:6f:3f:52:a9:ac:86:72:df:20:19:df:80:76:85:

72:0e:a6:d5:fe:34:b6:21:d4:19:5e:c1:96:c0:ca:

58:da:69:f8:41:07:66:17:98:bf:62:0b:97:c1:fa:

f1:39:a1:df:13:0f:8f:15:9f:e0:d0:04:6e:38:50:

51:2a:27

Exponent: 65537 (0x10001)

X509v3 extensions:

X509v3 Subject Alternative Name: critical

DNS: server.example.com, DNS: db.example.com, DNS: trd.example.com

X509v3 Key Usage: critical

Digital Signature, Key Encipherment

X509v3 Basic Constraints: critical

CA:FALSE

Signature Algorithm: ecdsa-with-SHA256

30:81:87:02:42:01:15:65:da:1f:05:77:50:36:05:6f:06:17:

85:aa:29:9b:12:e0:ae:c6:75:03:71:c2:b5:19:a4:57:35:43:

ca:28:a5:54:87:3f:a1:69:c8:8d:67:dd:8f:d5:78:e5:f3:40:

ba:09:24:4c:db:3e:e5:9e:c0:65:05:94:07:a9:29:e6:d1:02:

41:37:da:31:08:60:97:c4:80:99:ac:99:2b:cd:66:2e:9b:ce:

ed:2a:14:12:33:94:63:22:b3:86:dd:3c:aa:34:89:00:20:f0:

1a:11:4b:e5:8b:97:c9:d5:9c:b9:30:cf:37:eb:6f:0b:36:15:

b8:7a:bf:1c:97:17:f3:3a:1c:1b:38:73

subject=C = UN, ST = Locality, L = City, O = MyCompany LTD, OU = IT, CN = server.example.com, emailAddress = hostmaster@example.com

And this is the certificate of my CA:

openssl x509 -text -noout -subject -in /etc/pki/ca/certs/MyCA_crt.pem

Certificate:

Data:

Version: 3 (0x2)

Serial Number:

71:....:19:90:e4

Signature Algorithm: sha256WithRSAEncryption

Issuer: C = UN, ST = Locality, L = City, O = MyCompany LTD, OU = IT, CN = myCA, emailAddress = hostmaster@example.com

Validity

Not Before: Mar 24 09:33:34 2020 GMT

Not After : Mar 1 11:00:00 2030 GMT

Subject: C = UN, ST = Locality, L = City, O = MyCompany LTD, OU = IT, CN = myCA, emailAddress = hostmaster@example.com

Subject Public Key Info:

Public Key Algorithm: rsaEncryption

RSA Public-Key: (4096 bit)

Modulus:

00:...:61

Exponent: 65537 (0x10001)

X509v3 extensions:

X509v3 Subject Alternative Name:

DNS: server.example.com

X509v3 Key Usage: critical

Digital Signature, Certificate Sign, CRL Sign

X509v3 Basic Constraints: critical

CA:TRUE, pathlen:1

Signature Algorithm: sha256WithRSAEncryption

09:...29

subject=C = UN, ST = Locality, L = City, O = MyCompany LTD, OU = IT, CN = myCA, emailAddress = ...

And this is the CA1 certificate:

Certificate:

Data:

Version: 3 (0x2)

Serial Number:

47:d8:98:93:...:92:75:15:c2:cf:20:13

Signature Algorithm: sha256WithRSAEncryption

Issuer: C = UN, ST = Locality, L = City, O = MyCompany LTD, OU = IT, CN = myCA, emailAddress = hostmaster@example.com

Validity

Not Before: Mar 24 09:33:37 2020 GMT

Not After : Feb 1 11:00:00 2030 GMT

Subject: C = UN, ST = Locality, L = City, O = MyCompany LTD, OU = IT, CN = myCA1, emailAddress = hostmaster@example.com

Subject Public Key Info:

Public Key Algorithm: rsaEncryption

RSA Public-Key: (4096 bit)

Modulus:

00:9e:e4:fd:a2:d5:73:b9:9a:ed:5c:aa:5a:c8:50:

9d:66:b1:0c:43:d3:33:72:5a:32:95:b9:fb:70:fa:

...

0a:b8:83:f2:d2:02:91:8b:f9:40:6d:5d:ab:21:b7:

79:4a:53:b4:b4:d2:c7:e3:ac:bb:64:25:1a:90:07:

eb:fe:22:ba:d3:98:33:d9:18:5b:8f:0d:52:0d:02:

20:57:61

Exponent: 65537 (0x10001)

X509v3 extensions:

X509v3 Subject Alternative Name:

DNS: server.example.com

X509v3 Key Usage: critical

Digital Signature, Certificate Sign, CRL Sign

X509v3 Basic Constraints: critical

CA:TRUE, pathlen:0

Signature Algorithm: sha256WithRSAEncryption

8d:27:2a:ed:eb:7b:dc:35:d2:65:10:58:1b:71:a4:d9:73:28:

06:8d:b5:ae:25:0c:29:e1:8c:7c:4f:3b:44:2d:05:d6:d8:ee:

c4:47:c2:4f:15:57:59:95:85:0b:78:d0:95:43:9d:1c:29:40:

5a:46:72:a0:88:95:18:98:5c:b2:61:9c:fc:05:67:a0:b0:a4:

...

d8:b9:c7:7a:ed:fa:47:46:72:a7:ce:bf:9a:64:c2:2f:b7:7f:

d5:9a:a1:73:d2:bb:b2:55:2d:fb:ef:7c:1d:4e:89:07:8d:9b:

81:98:fa:50:ec:8c:63:e5

subject=C = UN, ST = Locality, L = City, O = MyCompany LTD, OU = IT, CN = myCA1, emailAddress = hostmaster@example.com

How can I find what is wrong with it???

The full certificate chain is the following:

-----BEGIN CERTIFICATE-----

MIIEuzCCBB2gAwIBAgIUXaYFIVHY33EeSst3A22ExUzKjf8wCgYIKoZIzj0EAwIw

gZQxCzAJBgNVBAYTAkdSMQ8wDQYDVQQIDAZBdHRpY2ExFTATBgNVBAcMDEFyZ3ly

b3Vwb2xpczEdMBsGA1UECgwUUGV0ZXIgVHNlbGlvcyAtIEhvbWUxCzAJBgNVBAsM

AklUMREwDwYDVQQDDAhob21lLUNBMTEeMBwGCSqGSIb3DQEJARYPaG9zdG1hc3Rl

ckBob21lMB4XDTIwMDMyNDE2NDIwOVoXDTMwMDExNTExMDAwMFowgZcxCzAJBgNV

BAYTAkdSMQ8wDQYDVQQIDAZBdHRpY2ExFTATBgNVBAcMDEFyZ3lyb3Vwb2xpczEd

MBsGA1UECgwUUGV0ZXIgVHNlbGlvcyAtIEhvbWUxCzAJBgNVBAsMAklUMRQwEgYD

VQQDDAtzZXJ2ZXIuaG9tZTEeMBwGCSqGSIb3DQEJARYPaG9zdG1hc3RlckBob21l

MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA66fDoCPWeqz7THDhz7ny

Tf/Y7Z1Ay+RoZ7AC0iUDFTcYMeCQfyz/3e/aZJ3ohkizdZunjrJw4vvQw7N0QlJX

ZTXbDk9XV6Y87nszfR0OJeBK6yYM8ysEI8VswJULBmEzfcq+w7n68LIB651Vjcsf

PJZ4aoueZpwma/qK2SosOr9zl3hLqG9BfwrwSmPlksr4+HvPDLLzfE3Kde0Kspnw

deB8n+e1U5oIPXFd9jmRhR5HBA9aoia1X04t2ZU7Moi49FReHmQRzcs8F03Tpce7

iBwB20PuuBb4lcg3lt7BPs2p+Xz2lPumbWedaSQLDkOylG1UYQRBw+ntD4DoO2nK

8nY5e/ZsSEyUCsxXUBQex3/HtZjnUKfq+JtzrXe+qy175sPoK4q9Oyaze6BPkJZu

klDVjKBayC6fglI1gvVdDuj7ifKz74Wurv7qUnUu3a2lov8tIt+MUDn20TCLc8ml

2tYoltubVde9MPzsPjwQlJ8FOWMcLTdW1TPtzF3WDN9XK5wHNY4gdJ9TCQgyJqgR

6G6Y1KO5SkAoW+CdQSoHvM37Kmz7zVXI+ql7aHa7eVgwlpfB27P+tgWUv6dJA5/o

/rCIbz9SqayGct8gGd+AdoVyDqbV/jS2IdQZXsGWwMpY2mn4QQdmF5i/YguXwfrx

OaHfEw+PFZ/g0ARuOFBRKicCAwEAAaN9MHswWwYDVR0RAQH/BFEwT4IMIHNlcnZl

ci5ob21lggsgbXlzcWwuaG9tZYINIHBocGlwYW0uaG9tZYIOIGFkbWluLmYxLmhv

bWWCCCBmMS5ob21lggkgdHJkLmhvbWUwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB

/wQCMAAwCgYIKoZIzj0EAwIDgYsAMIGHAkIBFWXaHwV3UDYFbwYXhaopmxLgrsZ1

A3HCtRmkVzVDyiilVIc/oWnIjWfdj9V45fNAugkkTNs+5Z7AZQWUB6kp5tECQTfa

MQhgl8SAmayZK81mLpvO7SoUEjOUYyKzht08qjSJACDwGhFL5YuXydWcuTDPN+tv

CzYVuHq/HJcX8zocGzhz

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

MIIF9jCCA96gAwIBAgIUR9iYk/cYS7UPoZ9vd5J1FcLPIBMwDQYJKoZIhvcNAQEL

BQAwgZMxCzAJBgNVBAYTAkdSMQ8wDQYDVQQIDAZBdHRpY2ExFTATBgNVBAcMDEFy

Z3lyb3Vwb2xpczEdMBsGA1UECgwUUGV0ZXIgVHNlbGlvcyAtIEhvbWUxCzAJBgNV

BAsMAklUMRAwDgYDVQQDDAdob21lLUNBMR4wHAYJKoZIhvcNAQkBFg9ob3N0bWFz

dGVyQGhvbWUwHhcNMjAwMzI0MDkzMzM3WhcNMzAwMjAxMTEwMDAwWjCBlDELMAkG

A1UEBhMCR1IxDzANBgNVBAgMBkF0dGljYTEVMBMGA1UEBwwMQXJneXJvdXBvbGlz

MR0wGwYDVQQKDBRQZXRlciBUc2VsaW9zIC0gSG9tZTELMAkGA1UECwwCSVQxETAP

BgNVBAMMCGhvbWUtQ0ExMR4wHAYJKoZIhvcNAQkBFg9ob3N0bWFzdGVyQGhvbWUw

ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCe5P2i1XO5mu1cqlrIUJ1m

sQxD0zNyWjKVuftw+naem4fRw0IhFCFeB4dy9sAN3UsByT0FbFxqs5Z2GvNjTtIz

o+zeARI7H5sd0Hym6BiNqteglywwGDe19swT00D0rfNAfuhGIBgCICrKyPHe6b8Z

sFOwWTRy4FA1HI7b4KXkQvSSt/dGD5gzaa/Ase3ayCEdutrCH+5FXazHZTUVculT

gAqbA9zYHOnKUm5D1L+qzfV2jOpn1+FNF4JVpl3EdkLXdx9tmGEVFfwD8n60Mb3b

istCfRBX4SN7MZyqeflmYUfJI2vBQO1dbhC1E2lFbCSmyaxItw5dABZQWKoSql6g

q1ExPCC6WgX7+hsfIlA10hceI465OoKCk2JbtbWTcEZAlUZw9zk98EAReg2inA1Q

U8D2sz+Q+uZay74uEt11fY/cKIrjTkvusVj/YxmBbSvcpoiaX1Ru8NsiNH7wUpRd

qC+xDlCTmAnH9lQpMrPK2iHVTKx69PThCpfM5VW6OurQLDYqmoNh2EMhDUsH+IPY

oREIUi52mQRHHql2m1m7T39UyllCJN4C54FFqdaEi+hAQ1mc707bYw/OcNrH8vis

X1xwHw7Q9nWZJPHcED7Eiwq4g/LSApGL+UBtXasht3lKU7S00sfjrLtkJRqQB+v+

IrrTmDPZGFuPDVINAiBXYQIDAQABoz8wPTAXBgNVHREEEDAOggwgc2VydmVyLmhv

bWUwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwDQYJKoZIhvcN

AQELBQADggIBAI0nKu3re9w10mUQWBtxpNlzKAaNta4lDCnhjHxPO0QtBdbY7sRH

wk8VV1mVhQt40JVDnRwpQFpGcqCIlRiYXLJhnPwFZ6CwpKde37l2jyXEvORKbN/p

BTaRX7gD8KUM9ambzYhcX6zKhJkF6wxigBstUWGGiVcDg51gGS7TvahqzMlDY1e5

mARMYnQdSQN6mBonvjHo0vo5vY4f6aHCxLQpMkpGOstCShHKCUTF+dU98XDvWyEL

Yxk3XwuXb6TltjPM7Y/9BrRlhj8lGjOTJzXReR7pvikPCZFIi6clwuUjE+QzmVda

2wLzk3YSrJRpbFZWf5Zt69nl0D3pG/HQLFTBLZxlvYndB2jQw+yuRwdaY+m3b4bb

UXP6kk00QQEcCiROJ73tmT2RQ2sRLDL6vnPVxWQeWq9nfiXCQR9N8R6yK0Sb6x0C

6yvgyVm6MFxqY7rPCrkiKMkz4ZnN4f03Ri258UFCZnlNs3KvTQ1AoqYVLOKzwe0M

o6YroN411dikyiEOcUH4IbY3i/Nof8udRHIlexTrwWne0o88XXeNydGnAQ3qQajh

WPe34cOGeh7eIa0n4fzmt5/LaLUJzp8RGPNGiUIu7c+D+Hm3NKiciKwZOOtY49i5

x3rt+kdGcqfOv5pkwi+3f9WaoXPSu7JVLfvvfB1OiQeNm4GY+lDsjGPl

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

MIIF9TCCA92gAwIBAgIUcTvrJuFA4Lwln6Ex1fIJLCIZkOQwDQYJKoZIhvcNAQEL

BQAwgZMxCzAJBgNVBAYTAkdSMQ8wDQYDVQQIDAZBdHRpY2ExFTATBgNVBAcMDEFy

Z3lyb3Vwb2xpczEdMBsGA1UECgwUUGV0ZXIgVHNlbGlvcyAtIEhvbWUxCzAJBgNV

BAsMAklUMRAwDgYDVQQDDAdob21lLUNBMR4wHAYJKoZIhvcNAQkBFg9ob3N0bWFz

dGVyQGhvbWUwHhcNMjAwMzI0MDkzMzM0WhcNMzAwMzAxMTEwMDAwWjCBkzELMAkG

A1UEBhMCR1IxDzANBgNVBAgMBkF0dGljYTEVMBMGA1UEBwwMQXJneXJvdXBvbGlz

MR0wGwYDVQQKDBRQZXRlciBUc2VsaW9zIC0gSG9tZTELMAkGA1UECwwCSVQxEDAO

BgNVBAMMB2hvbWUtQ0ExHjAcBgkqhkiG9w0BCQEWD2hvc3RtYXN0ZXJAaG9tZTCC

AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJ7k/aLVc7ma7VyqWshQnWax

DEPTM3JaMpW5+3D6dp6bh9HDQiEUIV4Hh3L2wA3dSwHJPQVsXGqzlnYa82NO0jOj

7N4BEjsfmx3QfKboGI2q16CXLDAYN7X2zBPTQPSt80B+6EYgGAIgKsrI8d7pvxmw

U7BZNHLgUDUcjtvgpeRC9JK390YPmDNpr8Cx7drIIR262sIf7kVdrMdlNRVy6VOA

CpsD3Ngc6cpSbkPUv6rN9XaM6mfX4U0XglWmXcR2Qtd3H22YYRUV/APyfrQxvduK

y0J9EFfhI3sxnKp5+WZhR8kja8FA7V1uELUTaUVsJKbJrEi3Dl0AFlBYqhKqXqCr

UTE8ILpaBfv6Gx8iUDXSFx4jjrk6goKTYlu1tZNwRkCVRnD3OT3wQBF6DaKcDVBT

wPazP5D65lrLvi4S3XV9j9woiuNOS+6xWP9jGYFtK9ymiJpfVG7w2yI0fvBSlF2o

L7EOUJOYCcf2VCkys8raIdVMrHr09OEKl8zlVbo66tAsNiqag2HYQyENSwf4g9ih

EQhSLnaZBEceqXabWbtPf1TKWUIk3gLngUWp1oSL6EBDWZzvTttjD85w2sfy+Kxf

XHAfDtD2dZkk8dwQPsSLCriD8tICkYv5QG1dqyG3eUpTtLTSx+Osu2QlGpAH6/4i

utOYM9kYW48NUg0CIFdhAgMBAAGjPzA9MBcGA1UdEQQQMA6CDCBzZXJ2ZXIuaG9t

ZTAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBATANBgkqhkiG9w0B

AQsFAAOCAgEACX4JY3a/zn0YKxIB2xfQYAk6NwCa6uKRBXbD2jSCmTlfwFGiJjeW

lwXyylcZ9Hrk1S15hvfk0malDlGso1m3nqxmyUdo93/A+Yckdp2Zo1UlkagPziJB

zkpVeQKLV8cZgUpK/JpMAwjfEHMCgSVVVUPAML7UxwqTsJ+KPsuCXgZWVCvI1duu

PI+jmNdNBqCQBbWRd0wPNvSpZAtRJMTKP1hC02aN+RIOslwqpl28h6FTwEXCZdsb

4JW26xMSAnf9j6O3Zsd1b3qtxJ/dMPvSruQB7JPpjPlGYLWKIHnmXZgmkV+ybbu6

eFZBr9eUN5+ZcvNF7CF3MYmVerIyssXHz5pcPzQDgXeNVtdix0qjSr7i53jq60wt

hKgB4MHlxCce8IS8cf94JZuTaLtcVkaX4CgZAKen3BGuSTlSQ3SA30fVIimKn5ro

EYNujxtRr4SZ0geVfIN3dwR14Yly75qEvN7zrt8pjQoKAGdKhSpRlvjjJ1dgz+Zg

BLCqq//r29yLgSk25smbquPDTq+mG9rxow/HraEg+PJdSTrE+qXD6Ue+sC5WN8zn

Bx7HfoVbye/Kel+ueT/FlSoHjegYOkSwAQ5XGtWfbsEgDVGLgl9lk2TBo6IebgLP

mRogbluFWxvlKN8wL5kuTMfGB6SJx+2ho1rhZsWHIgb/ShATeTax4Ck=

-----END CERTIFICATE-----

So, how can I find what is wrong with my certificates?

hgrn37
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
Linux收集ADU日志,Linux-kernel mailing list archive 2002-40,: [ANNOUNCE][PATCH] Linux Plug and Play Layer...
weixin_39654465的博客
05-02 6万+
[ANNOUNCE][PATCH] Linux Plug and Play Layer V0.6 - 2.5.40Adam Belay (ambx1@neo.rr.com)Mon, 7 Oct 2002 15:45:09 +0000--ReaqsoxgOBHFXBhHContent-Type: text/plain; charset=us-asciiContent-Disposition: inl...
the Asia-Pacific Region Pirate Bay
热门推荐
大碗面的日志
01-26 1万+
Show Recent Torrents | the Asia-Pacific Region Pirate Bay | APRPB.COM Virus Sample Pack. Bank E. | 668.37 MiB | 08-01-26 11:17:52 VH1 All Classics Hits vol4 [DVDRip] [80/s Video Cilp
问题 uniapp怎么引用svg多层图片
rulai_qiaokeli的博客
08-29 1万+
uniapp怎么引用svg多层图片
iOS 公钥获取 公钥验签 证书验签
longlongValue
08-30 4669
上一篇博客有点儿乱,到最后把自己都快绕晕了。那么现在我还是简单讲一下快速入门的证书验签过程吧,尽量保准新人直接复制粘贴代码就可以实现功能,以实现效率最大化。1.证书验证书第一步加载证书 如果你的证书是cer格式用下面的代码// 加载证书到 X509 结构 void loadCert( NSString * string, X509 * x){ NSData * certData;
openssl 证书验证
swj9099的博客
08-05 6086
本节中我们快速浏览一下证书验证的主干代码。读者可以采用上节中生成的VC工程进行验证。 下面列出关键部分代码,为方便阅读,仅保留与证书验证强相关的代码,去掉了诸如变量定义、错误处理、资源释放等非主要代码,并修改了排版格式。 // 初始入口为 apps\verify.c 中的 MAIN 函数 // 为利于代码阅读,下面尝试将相关代码放在一起(采用函数调用栈的形式,被调用函数的代码排版缩进...
openssl-devel-1.1.1o-1.el7.x86_64.rpm openssl-devel
05-23
openssl-devel-1.1.1o-1.el7.x86_64 openssl-devel openssl openssl rpm包
openssh-9.7p1-1.el7.x86-64-ssh-copy-id-openssl.tgz
最新发布
03-12
2024年3月12日制作 适用于centos 7 redhat 7 x86架构的二进制...2024年3月11日官方发布9.7版本,内含ssh-copy-id命令,安装后显示openssl版本,此包基于openssl 1.1.1w制作,因此安装后会显示1.1.1w版本的openssl信息
camellia-OpenSSL-1.1.0.tar.gz_Camellia _camellia-128_openssl 1.
09-21
在"camellia-OpenSSL-1.1.0.tar.gz"这个压缩包中,包含了Camellia算法在OpenSSL 1.1.0版本的具体实现。开发者可以通过解压这个文件,查看源代码来了解Camellia是如何与OpenSSL的其他加密算法一起工作的。这包括了...
openssl-1.1.1a.tar.gz
12-15
文件:openssl-1.1.1a.tar.gz 格式:*.tar.gz 来源:下载自官网 www.openssl.org 说明:于2018年12月下载,是当时的最新版、最高版 使用方法(亲测留档):以下为Ubuntu16.04.5上亲测,卸载并安装新版openssl # ...
openssl-1.0.2s.7z
04-13
在给定的文件“openssl-1.0.2s.7z”中,我们关注的是 OpenSSL 的一个特定版本——1.0.2s。这个版本发布于2019年5月,是1.0.2系列的一个安全更新版本。 OpenSSL 的核心功能: 1. 加密算法支持:OpenSSL 支持多种...
compat-openssl10-1.0.2o-3.el8.x86_64.rpm
03-08
openssl10
compat-openssl10-1.0.2o-4.el8.aarch64
10-11
arm 架构的 openssl10
xmlsec1-openssl-1.2.20-7.el7_4.x86_64.rpm
11-30
离线安装包,亲测可用
xmlsec1-openssl-devel-1.2.20-7.el7_4.i686.rpm
12-23
官方离线安装包,测试可用。使用rpm -ivh [rpm完整包名] 进行安装
openssl-master.zip_OpenSSL master._openssl-master_安全套接层_密钥管理
09-24
这个"openssl-master.zip"压缩包可能包含了OpenSSL项目的源代码库,也就是它的“master”分支,这通常是最新的开发版本,用于跟踪最新的开发进展和安全更新。 OpenSSL 的核心功能主要包括以下几个方面: 1. **SSL/...
很棒的 openssl 证书解析例子
andylau00j的专栏
06-14 1万+
Parsing X.509 Certificates with OpenSSL and C 转自:https://zakird.com/2013/10/13/certificate-parsing-with-openssl While OpenSSL has become one of the defacto libraries for performing SSL
HTTPS协议分析(基于TLS1.3)
u012425770的博客
07-04 3564
很多市面上的书籍对HTTPS基于的TLS协议介绍还停留在1.2的版本上,然而 新的TLS1.3已经对1.2进行了很大的改进,优化了握手过程,访问速度更快;删除了(不采用)一些不安全的加密算法,安全上更强。因此,有必要结合TLS1.2来了解下基于TLS1.3的HTTPS协议。 TLS 1.2握手过程 TLS 1.3握手过程 TLS1.2里交互过程需要2-RTT,而TLS1.3只需要1-RTT,流程如下: 【第1步】客户端发送 ClientHello 消息,该消息主要包括客户端支持的协议版本、会话ID、密
TP5连接数据库和phpstrom连接数据库(宝塔面板数据库连接)
weixin_30608131的博客
07-14 274
1.编译器:phpstrom 框架:TP5 服务器面板:宝塔面板 2.我遇到的核心问题:数据库、用户名、密码均正确但是无法连接, 使用宝塔面板的都知道phpmyadmin的端口号是888,注意注意这个888是phpmyadmin的端口号 不是数据库的端口号,数据库的端口号还是3306,可以在面板里面查。 然后你把连接的端口号改成3306,还是不行。 3.你还需要的是在宝塔面板中放行3...
汉字unicode码表范围和常用汉字unicode
weixin_33739523的博客
08-14 8288
utf-8吗表中所有汉字的区间的正则表达式[\u4e00-\u9fa5]汉字常用字unicode吗表String base ="\u7684\u4e00\u4e86\u662f\u6211\u4e0d\u5728\u4eba\u4eec\u6709\u6765\u4ed6\u8fd9\u4e0a\u7740\u4e2a\u5730\u5230\u5927\u91cc\u8bf4\u5c31\u53...
./configure --prefix=/usr/local/swipl --with-openssl --with-readline
04-05
As an AI language model, I do not have the capability to execute commands on a computer. However, I can explain what this command does. This command is used to configure the installation of the SWI-Prolog software with certain options. Here's what each option does: - `--prefix=/usr/local/swipl`: This specifies the installation directory where the SWI-Prolog software will be installed. In this case, it will be installed in the `/usr/local/swipl` directory. - `--with-openssl`: This option enables support for OpenSSL, a software library for secure communication over the internet. - `--with-readline`: This option enables support for the GNU Readline library, which provides advanced line editing and history capabilities for command-line interfaces.

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值