我正在尝试制作自签名证书LibSSL 1.1.0,但出现以下错误:
openssl req -new -x509 -subj "/CN=demoCA" -extensions v3_ca -days 3650 -key ca.key.pem -sha256 -out ca.pem -config $prefix.cnf
Error Loading request extension section v3_req
139919553671616:error:22075075:X509 V3 routines:v2i_GENERAL_NAME_ex:unsupported option:../crypto/x509v3/v3_alt.c:531:name=subjectKeyIdentifier
139919553671616:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:../crypto/x509v3/v3_conf.c:47:name=subjectAltName, value=@alt_names
prefix.conf:
x509_extensions = v3_ca # The extensions to add to the self signed cert
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
#extendedKeyUsage=serverAuth
subjectAltName = @alt_names
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical, CA:TRUE, pathlen:3
keyUsage = critical, cRLSign, keyCertSign
nsCertType = sslCA, emailCA
[ alt_names ]
//Tried many alternatives below, name, email, etc.
DNS.1 = %%DOMAIN%%