作者:哭着说再见0 | 来源:互联网 | 2023-10-11 12:22
在自签CA证书时一直提示出错:[root@master.mysql.comssl]#opensslca-inmaster.csr-outmaster.crt-days365Usi
在自签CA证书时一直提示出错:
[root@master.mysql.com ssl]# openssl ca -in master.csr -out master.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
ERROR:Serial number 01 has already been issued,
check the database/serial_file for corruption
The matching entry has the following details
Type :Valid
Expires on :160802074104Z
Serial Number :01
File name :unknown
Subject Name :/C=CN/ST=Henan/O=Companyname/OU=Linuxer/CN=www.example.com/emailAddress=webadmin@example.com
解决方法:
[root@master.mysql.com CA]# echo 02 > serial
[root@master.mysql.com ssl]# openssl ca -in master.csr -out master.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 2 (0x2)
Validity
Not Before: Sep 4 02:27:33 2015 GMT
Not After : Sep 3 02:27:33 2016 GMT
Subject:
countryName = CN
stateOrProvinceName = Henan
organizationName = Companyname
organizationalUnitName = Linuxer
commonName = master.mysql.com
emailAddress = master@mysql.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
CC:E8:58:B9:82:A9:BA:9D:B7:50:C5:53:2A:68:08:CE:9C:4F:05:E0
X509v3 Authority Key Identifier:
keyid:91:0B:59:72:B0:9F:5E:69:EA:E6:FF:7D:A9:E1:14:F1:B7:DE:F5:8C
Certificate is to be certified until Sep 3 02:27:33 2016 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
原因是由于原先做实验时由于01签署的是https协议,故无法正常签署。
本文出自 “粗茶淡饭” 博客,请务必保留此出处http://cuchadanfan.blog.51cto.com/9940284/1691273
自签CA证书时由于serial值的问题无法签署