我正在尝试在Mac OS X Yosemite上为Apache(通过XAMPP安装)设置SSL。
我们假设我已经设置了一个名为“my-local-host”的本地主机名。我按照说明here设置运行以下命令的证书:
/Applications/XAMPP/xamppfiles/apache2/ssl注意:我在httpd-vhosts.conf目录中完成了所有这些操作。
在此之后,我将虚拟主机列表添加到<VirtualHost *:443>
ServerName my-local-host
DocumentRoot "/path/to/my-local-host/files"
SSLEngine on
SSLCertificateFile "/Applications/XAMPP/xamppfiles/apache2/ssl/my-local-host.crt"
SSLCertificateKeyFile "/Applications/XAMPP/xamppfiles/apache2/ssl/my-local-host.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/Applications/XAMPP/xamppfiles/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
<Directory "/path/to/my-local-host/files">
ServerSignature Off
Options Indexes FollowSymLinks Includes execCGI
AllowOverride All
Require all granted
</Directory>
ErrorLog "logs/my_local_host_log"
</VirtualHost>
。
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /Applications/XAMPP/xamppfiles/apache2/ssl/my-local-host.crt
然后我将证书添加到系统Keychain中,其中包含以下内容:
This server could not prove that it is my-local-host; its security certificate is from [missing_subjectAltName].
然后我重新启动了Apache并尝试在Chrome浏览器中加载https://my-local-host。这是我收到的错误:
sudo openssl req -newkey rsa:2048 -x509 -nodes -keyout my-local-host.key -new -out my-local-host.crt -subj /CN=my-local-host -reqexts SAN -extensions SAN -config <(cat /System/Library/OpenSSL/openssl.cnf ; printf '[SAN]\nsubjectAltName=DNS:my-local-host') -sha256 -days 3650
在线搜索后,似乎这是Chrome从Chrome 58中删除CommonName支持的问题。
我找到了这个恰当的标题帖子:Missing [missing_subjectAltName] in ssl certificate (since Chrome 58),其中包含了创建合规证书的命令:
error on line -1 of /dev/fd/63
80231:error:02001009:system library:fopen:Bad file descriptor:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/crypto/bio/bss_file.c:126:fopen('/dev/fd/63','rb')
80231:error:2006D002:BIO routines:BIO_new_file:system lib:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/crypto/bio/bss_file.c:131:
80231:error:0E078002:configuration file routines:DEF_LOAD:system lib:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/crypto/conf/conf_def.c:199:
不幸的是,当我运行此操作时,我收到以下错误:
missing_subjectAltName我是否可以使用其他一些不那么繁琐的方法来创建符合Chrome的<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js" integrity="sha384-0mSbJDEHialfmuBBQP6A4Qrprq5OVfW37PRR3j5ELqxss1yVqOtnepnHVP9aJ7xS" crossorigin="anonymous"></script>
<nav class="navbar navbar-default">
<div class="container-fluid">
<!-- Brand and toggle get grouped for better mobile display -->
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="#">Brand</a>
</div>
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav">
<li class="active"><a href="#skills">Skills<span class="sr-only">(current)</span></a></li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Projects<span class="caret"></span></a>
<ul class="dropdown-menu">
<li><a href="#">Action</a></li>
<li><a href="#">Another action</a></li>
<li><a href="#">Something else here</a></li>
<li role="separator" class="divider"></li>
<li><a href="#">Separated link</a></li>
<li role="separator" class="divider"></li>
<li><a href="#">One more separated link</a></li>
</ul>
</li>
<li><a href="#schools">Schools</a></li>
</ul>
<ul class="nav navbar-nav navbar-right">
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Contact Me<span class="caret"></span></a>
<ul class="dropdown-menu">
<li><a href="#">Action</a></li>
<li><a href="#">Another action</a></li>
<li><a href="#">Something else here</a></li>
<li role="separator" class="divider"></li>
<li><a href="#">Separated link</a></li>
</ul>
</li>
</ul>
</div><!-- /.navbar-collapse -->
</div><!-- /.container-fluid -->
</nav>问题的合规证书?
答案 0 :(得分:0)
我刚从这篇文章找到了解决方法:Fixing Chrome 58+ [missing_subjectAltName] with openssl when using self signed certificates。非常感谢作者。
所以这就是我所做的工作:
首先,我们将删除之前创建的所有文件。
其次,我们在工作目录/Applications/XAMPP/xamppfiles/apache2/ssl中创建这两个文件:
第一个文件 - my-local-host.csr.cnf,其中包含以下内容:
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn
[dn]
C=NG
ST=Lagos
L=Ikeja
O=Local, LLC
OU=Tech
emailAddress=admin@yourdomain.com
CN = my-local-host
注意:确保所有字段都有一个值,即没有空白条目。
第二个文件 - my-local-host.v3.ext,内容如下:
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = my-local-host
第三,运行以下命令:
sudo openssl genrsa -des3 -out rootCA.key 2048
sudo openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
openssl req -new -sha256 -nodes -out my-local-host.csr -newkey rsa:2048 -keyout my-local-host.key -config <( cat my-local-host.csr.cnf )
sudo openssl x509 -req -in my-local-host.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out my-local-host.crt -days 500 -sha256 -extfile my-local-host.v3.ext
注意:我尝试使用sudo运行第三个命令,但由于某些原因我遇到了错误,我在网上发现了一些信息,建议在没有它的情况下运行它,这对我有用。
完成所有操作后,运行以下命令:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain my-local-host.crt
最后,重启Apache。
我希望这有助于解决您的SSL问题。