我们在生成ca根证书时,Common Name 最好是有效根域名(如 sztech.com ),
并且不能和后来服务器证书签署请求文件中填写的 Common Name 完全一样,否则会
导致证书生成的时候出现
[root@sztech1 newcerts]# openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem
server-cert.pem: C = cn, ST = cq, L = cq, O = sztech, OU = sztech, CN = sztech1
error 18 at 0 depth lookup:self signed certificate
OK
# error 18 at 0 depth lookup:self signed certificate 错误
| 欢迎光临 重庆思庄Oracle、Redhat认证学习论坛 (http://bbs.cqsztech.com/) | Powered by Discuz! X3.2 |