标签:ca签署
在自签CA证书时一直提示出错:
[root@master.mysql.com ssl]# openssl ca -in master.csr -out master.crt -days 365 Using configuration from /etc/pki/tls/openssl.cnf Check that the request matches the signature Signature ok ERROR:Serial number 01 has already been issued, check the database/serial_file for corruption The matching entry has the following details Type :Valid Expires on :160802074104Z Serial Number :01 File name :unknown Subject Name :/C=CN/ST=Henan/O=Companyname/OU=Linuxer/CN=www.example.com/emailAddress=webadmin@example.com
解决方法:
[root@master.mysql.com CA]# echo 02 > serial [root@master.mysql.com ssl]# openssl ca -in master.csr -out master.crt -days 365 Using configuration from /etc/pki/tls/openssl.cnf Check that the request matches the signature Signature ok Certificate Details: Serial Number: 2 (0x2) Validity Not Before: Sep 4 02:27:33 2015 GMT Not After : Sep 3 02:27:33 2016 GMT Subject: countryName = CN stateOrProvinceName = Henan organizationName = Companyname organizationalUnitName = Linuxer commonName = master.mysql.com emailAddress = master@mysql.com X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: CC:E8:58:B9:82:A9:BA:9D:B7:50:C5:53:2A:68:08:CE:9C:4F:05:E0 X509v3 Authority Key Identifier: keyid:91:0B:59:72:B0:9F:5E:69:EA:E6:FF:7D:A9:E1:14:F1:B7:DE:F5:8C Certificate is to be certified until Sep 3 02:27:33 2016 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated
原因是由于原先做实验时由于01签署的是https协议,故无法正常签署。
本文出自 “粗茶淡饭” 博客,请务必保留此出处http://cuchadanfan.blog.51cto.com/9940284/1691273
标签:ca签署
原文地址:http://cuchadanfan.blog.51cto.com/9940284/1691273
