如何解决OpenSSL:第一个数字太大-这是什么意思,以及如何解决?
这是我生成证书的命令
root@porteus:/mnt/sda1/porteus/base# openssl version
OpenSSL 1.0.2o 27 Mar 2018
root@porteus:/mnt/sda1/porteus/base# openssl req -new -out wso2.csr -newkey rsa:2048 -nodes -sha256 -keyout wso2.key -config /tmp/req.conf
Error Loading extension section v3_req 2828282292:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large:a_object.c:108: 2828282292:error:2206706E:X509 V3
routines:V2I_EXTENDED_KEY_USAGE:invalid object identifier:v3_extku.c:142:section:,name:clientAtuth,value: 2828282292:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=extendedKeyUsage,value=serverAuth,clientAtuth
这是/tmp/req.conf
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = RU
ST = Moscow
L = Moscow
O = "Credit Swiss"
OU = IT
CN = wso2.endocs.ru
[v3_req]
keyUsage = keyEncipherment,dataEncipherment
extendedKeyUsage = serverAuth,clientAtuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = wso2.endocs.ru
它想要什么以及如何解决该问题?
解决方法
如上面@MattCaswell所标识,
cat openssl.cnf | grep extendedKeyUsage
extendedKeyUsage = serverAuth,clientAtuth
openssl req -new -out wso2.csr -newkey rsa:2048 -nodes -sha256 -keyout wso2.key -config openssl.cnf
Error Loading request extension section v3_req
140460060510096:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large:a_object.c:108:
140460060510096:error:2206706E:X509 V3 routines:V2I_EXTENDED_KEY_USAGE:invalid object identifier:v3_extku.c:142:section:,name:clientAtuth,value:
140460060510096:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=extendedKeyUsage,value=serverAuth,clientAtuth
纠正错字后:
cat openssl.cnf | grep extendedKeyUsage
extendedKeyUsage = serverAuth,clientAuth
openssl req -new -out wso2.csr -newkey rsa:2048 -nodes -sha256 -keyout wso2.key -config openssl.cnf
Generating a 2048 bit RSA private key
.......................................+++
............................+++
writing new private key to 'wso2.key'
-----
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
