问题描述
我创建了以下脚本,以允许自动创建CA,服务器和客户端证书。使用openssl verify和pyopenssl时,此脚本可以正常工作:
openssl验证-CAfile ca / ca.crt-用途sslserver服务器/server.crt server / server.crt:确定
但是,当我尝试卷曲以连接到我的Nginx服务器时,出现以下错误: curl:(35)错误:0407008A:rsa例程:RSA_padding_check_PKCS1_type_1:无效的填充
我在做什么错了?
# Move to root directory...
cd /
mkdir keys
cd keys
mkdir -p ca/private
openssl genrsa -out ca/private/ca.key 4096
openssl req \
-x509 \
-new \
-nodes \
-key ca/private/ca.key \
-sha256 \
-days 1024 \
-out ca/ca.crt \
-subj "/C=US/ST=California/L=S/O=F/CN=Root CA"
# Create server private key and certificate request
mkdir -p server/private
openssl genrsa -out server/private/server.key 4096
openssl req -new \
-sha256 \
-key server/private/server.key \
-out server/server.csr \
-subj "/C=US/ST=California/L=S/O=F/CN=0.0.0.0"
echo "Server CSR"
openssl req -in server/server.csr -noout -text
# Create client private key and certificate request
mkdir -p client/private
openssl genrsa -out client/private/client.key 4096
openssl req -new \
-sha256 \
-key client/private/client.key \
-out client/client.csr \
-subj "/C=US/ST=California/L=S/O=F/CN=Client/serialNumber=1"
echo "Client CSR"
openssl req -in client/client.csr -noout -text
# Generate server certificates
openssl x509 -req \
-in server/server.csr \
-CA ca/ca.crt \
-CAkey ca/private/ca.key \
-CAcreateserial \
-out server/server.crt \
-days 500 \
-sha256
echo "Server CRT"
openssl x509 -in server/server.crt -noout -text
# Generate client certificates
openssl x509 -req \
-in client/client.csr \
-CA ca/ca.crt \
-CAkey ca/private/ca.key \
-CAcreateserial \
-out client/client.crt \
-days 500 \
-sha256
echo "Client CRT"
openssl x509 -in client/client.crt -noout -text
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)