 

当前位置：莱卡云  AI转载  正文

openssl自签名证书报错x509: certificate contains duplicate extensions

2023-04-28 分类：AI转载阅读(386)

使用openssl生成自签名证书后，在软件调试时提示如下报错：

tls: failed to parse certificate from server: x509: certificate contains duplicate extensions

证书生成命令为：

openssl x509 -req -extfile /etc/pki/tls/openssl.cnf -extensions v3_req -in client-req.csr -out client-cert.cer -signkey client-key.key -CA root-cert.cer -CAkey root-key.key -CAcreateserial -days 36500

排查思路

查看证书信息

通过查看证书信息，可以看到X509v3 extensions中存在多个X509v3 Basic Constraints及X509v3 Key Usage扩展信息。

[[email protected] ~]# openssl x509 -in client-cert.cer -noout -text 
Certificate:
    Data:
    ........
    Signature Algorithm: sha256WithRSAEncryption
    ........
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment
    Signature Algorithm: sha256WithRSAEncryption
    ........

解决办法

在证书生成命令中添加 -clrext选项即可。

openssl x509 -req -extfile /etc/pki/tls/openssl.cnf -extensions v3_req -clrext -in client-req.csr -out client-cert.cer -signkey client-key.key -CA root-cert.cer -CAkey root-key.key -CAcreateserial -days 36500
Signature ok

文章来源于互联网:openssl自签名证书报错x509: certificate contains duplicate extensions

赞(0)

未经允许不得转载：莱卡云 » openssl自签名证书报错x509: certificate contains duplicate extensions

分享到

相关推荐

回顶部