Multi-domain SAN certificate throws "unable to verify the first certificate" error

Date: 2018-03-25 07:44:42

Tags: ssl https ssl-certificate emr presto

I have a self-signed multi-domain SAN certificate, as shown below:

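I use this certificate to configure and enable SSL on the presto server. In addition, I imported this certificate into the Java truststore on the presto-cli client machine (in my case, both are on the same host). However, when I connect to presto-server, I get the following error message even though I use an FQDN that matches the CN in the certificate: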

When I run a connection check, I see this error:

$ openssl x509 -in trustedCertificates.pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            d0:6e:6b:66:c6:55:44:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=WA, L=Seattle, O=MyOrg, OU=MyDept, CN=*.us-west-2.compute.internal
        Validity
            Not Before: Mar 23 22:15:10 2018 GMT
            Not After : Mar 23 22:15:10 2019 GMT
        Subject: C=US, ST=WA, L=Seattle, O=MyOrg, OU=MyDept, CN=*.us-west-2.compute.internal
        Subject Public Key Info:
            ...
            ...
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage:
                Key Encipherment, Data Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Subject Alternative Name:
                DNS:*.us-west-2.compute.amazonaws.com
    Signature Algorithm: sha256WithRSAEncryption
         ...
         ...

If I use a certificate that has only the single domain CN=*.us-west-2.compute.internal and no SAN extension, everything seems to work fine. Any ideas about what is going wrong here?

0 answers:

No answers
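How RFC 2818 / RFC 6125 host name matching treats the two certificate shapes described in the question, as an added example that is not part of the original post: once a certificate carries any dNSName SAN, a verifier matches only against the SAN list and does not consult the CN. The CN and SAN values are copied from the openssl output above; the host names and function names are constructed for illustration.

```python
# Added example: reference-identity matching in the style of RFC 2818 / RFC 6125.
# Only whole-label wildcards ("*.example.com") are handled here.

def wildcard_match(pattern: str, host: str) -> bool:
    """Match one certificate name against a host name, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # "*" stands for exactly one label, never several
    if p_labels[1:] != h_labels[1:]:
        return False
    if p_labels[0] == "*":
        return h_labels[0] != ""
    return p_labels[0] == h_labels[0]


def names_to_check(subject_cn, san_dns):
    """If any dNSName SAN is present, the CN is not used as an identity."""
    if san_dns:
        return list(san_dns)
    return [subject_cn] if subject_cn else []


def host_matches_cert(host, subject_cn, san_dns):
    """True if the host matches one of the names the verifier may use."""
    return any(wildcard_match(n, host) for n in names_to_check(subject_cn, san_dns))


# Values from the certificate shown in the question.
CN = "*.us-west-2.compute.internal"
SAN = ["*.us-west-2.compute.amazonaws.com"]

# Constructed sample host names (not from the original post).
INTERNAL_HOST = "ip-10-0-0-1.us-west-2.compute.internal"
PUBLIC_HOST = "ec2-203-0-113-10.us-west-2.compute.amazonaws.com"

if __name__ == "__main__":
    cases = [
        ("SAN cert, internal FQDN", INTERNAL_HOST, CN, SAN),
        ("SAN cert, public FQDN", PUBLIC_HOST, CN, SAN),
        ("CN-only cert, internal FQDN", INTERNAL_HOST, CN, []),
        ("SAN lists both domains, internal FQDN", INTERNAL_HOST, CN, SAN + [CN]),
    ]
    for label, host, cn, san in cases:
        print(f"{label}: match={host_matches_cert(host, cn, san)}")
```

Host name matching is a separate step from certificate chain validation, so this covers only the name-matching half of a TLS verification.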